7MS #446: Certified Red Team Professional - Part 2


Manage episode 280319664 series 1288763
By Brian Johnson. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

Today's episode continues part 1 of our series on the Certified Red Team Professional certification. Key points from today's episode include:

  • It's probably a better idea to run Bloodhound on your local machine so you don't crush the student VM's resources

  • Running Invoke-Command is one of my new favorite things. Check this post for a bunch of cheatsheet tips for running commands in PowerShell against other hosts.

  • Silver, gold and skeleton key attacks in AD - are they awesome? Yes? Do I see myself using those in short-term pentest enagements? Meh.

  • Wanna build a home lab to do some of these fun pentest stuff? Our buddy k3nundrum in Slack recommended we check out this. It looks awesome. And the devs of the tool have a video on it here.

  • When you're popping shells and privs all over the place in the lab, it can be confusing to figure out which machines you have what privileges on. I like using the klist command. Or, from a mimikatz prompt, try kerberos::list /export.

457 episodes