Today's episode continues part 1 of our series on the Certified Red Team Professional certification. Key points from today's episode include:
It's probably a better idea to run BloodHound on your local machine so you don't crush the student VM's resources.
Invoke-Command is one of my new favorite things. Check this post for a bunch of cheatsheet tips for running commands in PowerShell against other hosts.
Silver, gold and skeleton key attacks in AD - are they awesome? Yes? Do I see myself using those in short-term pentest engagements? Meh.
Wanna build a home lab to do some of this fun pentest stuff? Our buddy k3nundrum in Slack recommended we check out this. It looks awesome. And the devs of the tool have a video on it here.
When you're popping shells and privs all over the place in the lab, it can be confusing to figure out which machines you have what privileges on. I like using the klist command. Or, from a mimikatz prompt, try