Thanks to our sponsor, Keeper Security. You can download Keeper Security's Password Manager here: bit.ly/3SvmAA4

As a Jr. Pentester, not only was this relatable it was also super helpful. Lesson learned, don't ignore the not-so-obvious documents in file shares.

Its crazy that 2 months ago I knew nothing about pen-testing. Now I could follow along in the vid and understand 100% of what being said. Much because of just the PEH-course. Appreciate you, Heath, and all the TCM crew.

Something I take from this is how well you need to understand the interconnected enterprise systems in most common environments in order to get to this point. Sometimes luck is involved, but when you go this deep you have to first understand how it's set up and operates before you can think about how to get through common security practices. I always recommend people setup their own environments and secure it as best as they can, and then try to break in it to learn this if you aren't already an admin in an environment first.

Heath, sounds like it was a pretty dope engagement especially when you got the info you needed from that Mac folder. Thanks for sharing the high-lever overview of the engagement very informative too!

I’ve done hundreds of pen tests professionally over the past 4 years. This story is a pretty common one, sans share access that’s unmitigated. That’s uncommon and I usually find a different way, but CME, Responder, ntlmrelayx, and simple SCF/URL files are priceless.

Heath, you are incredible and I hope you grow even more than you already have! Favourite cyber person, period. I want to mention too that your courses have been strongly recommended by multiple organizations I have applied for in Switzerland and UK !!!!!!!!!

I'm studying AD for PNPT and loved the story. Please keep sharing your experiences.

Cool story. Shows the process and the hacker mindset. It also shows the value in the little things.

Did you use custom malwares for the EDR test ? Anything that you wrote or obfuscated

Great story

That one mistake. Looks like the company was doing very well indeed overall. Well done sir!

It was a 'Hail Mary' 🙂 as I hear echoes of 'Enumerate, enumerate, enumerate'

Thank you I'm teaching myself and learning so much from your videos here and your 4 hour Linux course

So they gave you access to a server or you got internal access on your own?

As always insightful and am so curious to have as TCM's mentality

That shirt looks cool. Do you make the designs on TCM Academy yourself?

Very informative and inspiring. Thanks for the video, appreciate it.

Hi TCM, unrelated to your video, but: Have you thought about adding more Blue Team Content to TCM Academy? Like a SOC Fundamentals Course? I don't see many resources with actual courses that are not up in the thousands. Thanks and all the best.

Man, you are my idol❤️

If they had mitigated LLMNR poisoning would've that stopped you?

Hello anyone can tell what does he mean by putting somefiles on smb shares to get user hashes on responder.?

Is it possible to make a Wi-Fi extender from a usb flash drive

You’re the best man!

Love the new shirt! ❤

Great video and great shirt! Keeper security is a fantastic tool and I highly recommend it. Thank you as well for the amazing video content and keep it up ❤

Tks for sharing!

Where can I get the TCM shirt you got wore???

Why would I use Keeper Security when Firefox can suggest and keep my passwords too?

congratulations

Amazing!!! ⭐️⭐️⭐️⭐️⭐️

Awesome

Interesting 🤔🤓

File shares again? I hope none of the IT folks over there bad mouthed Uber coz they are also guilty of storing passwords in installation scripts

MAN, WHAT ARE THE CHANCES? JUST 3 DOMAIN ADMINS AND ONE OF EM' A SERVICE ACCOUNT?

You get everything with domain controller

Looking for a video from The cyber mentor on how to root Android devices.😀😀

❤❤❤❤

How much to upload your brain? takes me long time to learn 😔

First viewer 👏🤠

This video explains from the LinkedIn post @heath made few days back.