happy holidays, everyone! 🎄 let me know what else you’d like to see in the next one :) join our discord server! dsc.gg/crow-academy (also the freaking hats at 3:02; take that image with a grain of salt (it's never that dramatic LOL) LANTERN CORP HACKERS OR SOME SH*T IDK)
Respect. You can communicate clearly complex ideas and make it funny so the knowledge absorption is a lot better. Thank you very much for your work man. You got yourself a subscriber!
I'd say most (D)DoS attacks are done via actual exploits nowadays. Like forcing a Minecraft server to constantly load chunks where you shouldn't be allowed to
i'm trained as a penetration tester : ) i hope that's what you mean! although i'm trying to shift more onto the red-teaming side of things; thank you for your comment! :D
This is really cool! The terminology has some similarities to investigations and security, and was super easy to follow and understand, Merry belated Christmas!
Can you make a video on VPNs? I think this was a super simple way of understanding some concepts, and I would really like your approach to this. Great video! hope RU-vid highlights more your channel
@@crr0ww As a side topic you could do a brief introduction to OS hardening. This will open the way to more blue team based content that could be combined with offensive security to highlight both sides of pen testing engagements
@@HTWwpzIuqaObMt yes! i was actually planning on covering a lot more of the blue-teaming side; things like digital forensics and reverse engineering, etc. i can def add in a section or two about os hardening as well :) ty for the suggestion!
oh yeah, most definitely! one of my instructors, nikhil mittal (dude who wrote nishang) has some super cool tools on his github made especially for this purpose :)
most fortune companies actually do use active directory with pretty big defensive systems set in place, from things like looking at changes in the registry, general traffic, event ids; which include ids denoting changes to users as well and some crazy things like kerberos auth reqs and stuff (although with some kerberos most of this stuff is hard to discern since the domain controller sends sooooo many of these requests out, but like things 100% still do stick out, for instance, using RC4/NTLM hashes for auth instead of AES, that’ll stick out like a sore thumb, among other things) so it’s a lot more prevalent than people might think! although the super hollywood-esque decoy i’d say is pretty scarce. i’d imagine most threat actors, upon discovering a suspiciously out of place user with domain admin privileges would be a bit more cautious, knowing all the defences in place now a days :)
