Awesome video Tyler and thanks for playing the room One thing I wanted to mention was that for question number 3, if you go to Edit -> Preferences -> Protocols -> NTLMSSP you can enter the password and Wireshark will automatically decrypt it for you
Wow, super inspiring story of pushing through at the 5 hour mark! Great case study in the power and importance of mindset, in addition to skills and methods.
Hello, Will you give a hand of help? So it states, that if you are using the web-based attackbox, it will be automatically connected to the network, but this does not happen. Is there any thing I miss or that should be done before? Many thanks in advance, and thanks for your awesome videos too!
Amazing content, I have lab work to do now.. A question for you and others out there. Would Conditional Access Policies that enforce the requirement of Compliant Devices and Entra Hybrid joined not help prevent MFA bypass using AiTM?
Love your videos on hacking. Several times in the past you said you had a new Kali VM. Can you post a video on how you create the VM and all the customized tools you use and insrall on it? I think this would be great to better understaniding your process.
Thanks for the kind words! I actually do not do anything special. I just download the standard Kali ISO and create the virtual machine in VMWare. The other tools I use on stream (i.e. Caido, Dirsearch, etc.) I install when I need them. I don't have any elaborate set-up scripts and such!
Hey Tyler great to have you back , I hope you had fun in Vegas . I was checking in everyday for a live stream , well today was the lucky day . Pls continue to grind and inspire 💪
But were trying to be anonymous as possible while doing this, i wouldn't want my DN name pointing back to any of my information. Is there a way you can anonymously buy a domain?
@@TylerRamsbey While the aim is to help secure the client's network, system and assets from threat actors, it is important that pentesters fully mimick real world scenarios to help inform the client also about some of the major challenges of the threat landscape by our assessment. Which in this case is anonymity. Might be beyond the scope but forensics and cybersecurity go both ways. Just my two cents and i appreciate your reply.
I must ask - AADInternals runs on Windows. That means that you run 2 VMs? kali-linux and Windows10? its a littlebit strange that in windows we have the option to run CMD and Powershell , but in Linux we can't run Powershell. i'm asking because I want to work only throw my Kali-Linux . Thanks and awesome video :)
This example is thankfully not too skillfully done, but what about in cases where a malicious payload is hidden in a library, or even made as part of the exploit (it is an RCE exploit after all, so compromising the target host could be an option). When doing CTFs and even client engagements we don't necessarily have the time or resources to do a full source code audit everytime we need a CVE
