Thanks to our sponsor, Keeper Security. You can download Keeper Security's Password Manager here: bit.ly/3SvmAA4
@TastyLaserCakes2 жыл бұрын
As a Jr. Pentester, not only was this relatable it was also super helpful. Lesson learned, don't ignore the not-so-obvious documents in file shares.
@Boolap13372 жыл бұрын
Its crazy that 2 months ago I knew nothing about pen-testing. Now I could follow along in the vid and understand 100% of what being said. Much because of just the PEH-course. Appreciate you, Heath, and all the TCM crew.
@wavemakersdj2 жыл бұрын
Something I take from this is how well you need to understand the interconnected enterprise systems in most common environments in order to get to this point. Sometimes luck is involved, but when you go this deep you have to first understand how it's set up and operates before you can think about how to get through common security practices. I always recommend people setup their own environments and secure it as best as they can, and then try to break in it to learn this if you aren't already an admin in an environment first.
@juliusrowe93742 жыл бұрын
Heath, sounds like it was a pretty dope engagement especially when you got the info you needed from that Mac folder. Thanks for sharing the high-lever overview of the engagement very informative too!
@LEVELMotorsports2 жыл бұрын
I’ve done hundreds of pen tests professionally over the past 4 years. This story is a pretty common one, sans share access that’s unmitigated. That’s uncommon and I usually find a different way, but CME, Responder, ntlmrelayx, and simple SCF/URL files are priceless.
@ambroze882 жыл бұрын
Heath, you are incredible and I hope you grow even more than you already have! Favourite cyber person, period. I want to mention too that your courses have been strongly recommended by multiple organizations I have applied for in Switzerland and UK !!!!!!!!!
@uaebikers2 жыл бұрын
I'm studying AD for PNPT and loved the story. Please keep sharing your experiences.
@purplepingg2 жыл бұрын
Hi bro, can you share from where AD pnpt we can study. Am searching a lot about this subject but not getting a detailed document/book
@uaebikers2 жыл бұрын
@@purplepingg tryhackme active directory module. Around 7 rooms. Half are free and half paid.
@Agent_Orange_Peel2 жыл бұрын
Cool story. Shows the process and the hacker mindset. It also shows the value in the little things.
@nuszkat99532 жыл бұрын
Did you use custom malwares for the EDR test ? Anything that you wrote or obfuscated
@MetalElmmer Жыл бұрын
Great story
@ninetails_merlin57302 жыл бұрын
That one mistake. Looks like the company was doing very well indeed overall. Well done sir!
@QuincyNtuli2 жыл бұрын
It was a 'Hail Mary' 🙂 as I hear echoes of 'Enumerate, enumerate, enumerate'
@MFoster3922 жыл бұрын
Thank you I'm teaching myself and learning so much from your videos here and your 4 hour Linux course
@mrsmith5114 Жыл бұрын
So they gave you access to a server or you got internal access on your own?
@zukxxxx02 жыл бұрын
As always insightful and am so curious to have as TCM's mentality
@klr6072 жыл бұрын
That shirt looks cool. Do you make the designs on TCM Academy yourself?
@RAZREXE2 жыл бұрын
Very informative and inspiring. Thanks for the video, appreciate it.
@getoutmore2 жыл бұрын
Hi TCM, unrelated to your video, but: Have you thought about adding more Blue Team Content to TCM Academy? Like a SOC Fundamentals Course? I don't see many resources with actual courses that are not up in the thousands. Thanks and all the best.
@nandorbacso46252 жыл бұрын
Man, you are my idol❤️
@breakingcustombc29252 жыл бұрын
If they had mitigated LLMNR poisoning would've that stopped you?
@UsamaAli-kr2cw Жыл бұрын
Hello anyone can tell what does he mean by putting somefiles on smb shares to get user hashes on responder.?
@ghostgaming-78-l5l2 жыл бұрын
Is it possible to make a Wi-Fi extender from a usb flash drive
@areray14412 жыл бұрын
You’re the best man!
@dean35152 жыл бұрын
Love the new shirt! ❤
@HopliteSecurity2 жыл бұрын
Great video and great shirt! Keeper security is a fantastic tool and I highly recommend it. Thank you as well for the amazing video content and keep it up ❤
@gustavopiedade88722 жыл бұрын
Tks for sharing!
@zukxxxx02 жыл бұрын
Where can I get the TCM shirt you got wore???
@Exit_Asphalt_02 жыл бұрын
Just check tcm merch site lol
@_neovek2 жыл бұрын
Why would I use Keeper Security when Firefox can suggest and keep my passwords too?
@TCMSecurityAcademy2 жыл бұрын
Those passwords are stored in cleartext homie.
@tiktOk-qp8ph2 жыл бұрын
congratulations
@Wanderer0722 жыл бұрын
Amazing!!! ⭐️⭐️⭐️⭐️⭐️
@noormohammadgagguturi2 жыл бұрын
Awesome
@BD90..2 жыл бұрын
Interesting 🤔🤓
@okonkwochukwudalu93402 жыл бұрын
File shares again? I hope none of the IT folks over there bad mouthed Uber coz they are also guilty of storing passwords in installation scripts
@harshilshah25072 жыл бұрын
MAN, WHAT ARE THE CHANCES? JUST 3 DOMAIN ADMINS AND ONE OF EM' A SERVICE ACCOUNT?
@hihi4002 жыл бұрын
You get everything with domain controller
@Aarishzamankhan2 жыл бұрын
Looking for a video from The cyber mentor on how to root Android devices.😀😀
@igu6422 жыл бұрын
❤❤❤❤
@VagrantAce772 жыл бұрын
How much to upload your brain? takes me long time to learn 😔
@FATAOS3C2 жыл бұрын
First viewer 👏🤠
@choice-flaky36262 жыл бұрын
This video explains from the LinkedIn post @heath made few days back.