Join 7 Minute Security and Project7 for a fun discussion and demo of how to find Active Directory low-hanging hacker fruit, as well as how to attack (and defend against) it!
00:00 And so it begins
0:27 Introductions and banter
6:26 Intro to pentest lab environment
7:07 Using PingCastle to quickly assess Active Directory security
23:00 The risk of allowing non-admin users to join PCs to Active Directory
29:05 Conducting the Kerberoasting attack
44:37 Sniping cleartext creds from Group Policy Object (GPO) files
53:19 Using CrackMapExec to spray credentials across the enterprise
57:30 Some thoughts on online hash/password cracking