These videos are always a great way to learn something without too much detail that I lose interest. Thanks for making such helpful content

Found this the other day on linkedin and was dismissed as it needing admin, however this has been informative! thanks!

Loving these living off the land videos, I'm starting to get more and more into Windows Internals for sysadmin and security, really awesome timing that this video showed up.

Great explanation and also great real example John. Thank you.

Information about access control list (ACL). Thanks John! An access control list (ACL) is a list of access control entries (ACE). Each ACE in an ACL identifies a trustee and specifies the access rights allowed, denied, or audited for that trustee. The security descriptor for a securable object can contain two types of ACLs: a DACL and an SACL. A discretionary access control list (DACL) identifies the trustees that are allowed or denied access to a securable object. When a process tries to access a securable object, the system checks the ACEs in the object's DACL to determine whether to grant access to it. If the object doesn't have a DACL, the system grants full access to everyone. If the object's DACL has no ACEs, the system denies all attempts to access the object because the DACL doesn't allow any access rights. The system checks the ACEs in sequence until it finds one or more ACEs that allow all the requested access rights, or until any of the requested access rights are denied. A system access control list (SACL) allows administrators to log attempts to access a secured object. Each ACE specifies the types of access attempts by a specified trustee that cause the system to generate a record in the security event log. An ACE in an SACL can generate audit records when an access attempt fails, when it succeeds, or both. Don't try to work directly with the contents of an ACL. To ensure that ACLs are semantically correct, use the appropriate functions to create and manipulate ACLs. ACLs also provide access control to Microsoft Active Directory service objects. Active Directory Service Interfaces (ADSI) include routines to create and modify the contents of these ACLs.

Very practical! 💪🏻

Thanks for the video, John!

This video is full of powerful experiences!!! thanks for making such content!

Great way to start the morning.

I'm no cyber security expert but this seems like very overcomplicated UBA... You really have to dedicate yourself to the Microsoft world to fully understand the access control in Windows.

John I love your work and you inspire me daily.

Always here before John

For sc sdset should not be as loud based on the parameters provided. So that’s the 3rd layer of detection via winevent logs - cheers! Happy hunting

This video really spoke to me, Ive been working in IT for a few years and am basically a beginner with some novice understanding of Microsoft and barely any knowledge in Linux. Does anyone here have any recommendations on where to start working in security with my profile? Like what courses (paid is fine, or free) should I start in order to get going?

I did not understand much honestly.... But great video again! Thanks!

i need try it😊 john thank you for tutorial!!

Master of edureka master

wow ....ty so much boss

Thank you so much

Bravo 👏🏼 Always fantastic content. Does a simple “revert all to defaults, e.g., fresh install” command(s) exist? Appreciate ya!

How about making a video explaining how to combatant against this backdoor, and what to do if it has already been executed on your pc?

can you make a video about must tools need to know for cyber security or ethical hacking ?

the Sc sdset link is dead, anyone has the sigma rule? Thanks

Way to go!!! My best friend

We need a linux version of this. How hackers backdoor into linux desktops please!

John why do you look so happy about this YT Video?

The "GoogleUpdater" Service doesn't start. Error 1053! 🤔

Nice oneliner :)

It's all fun and games until the FBI kicks in your door at 4am

Any smart admin would have blocked admin prev on a work system, which at my work, they do, as you need to enter super admin credentials most of the time this won't work. And if the user is working from home, they would most likely be using Windows Virtual Desktop, again hard to use this command.

This tech gives many ideas :)..........

Windows services such as web access login and another service were running my CPU at 100 percent consistently on idle till I used process explorer to find which service was running the highest with svchost and killed off each service in the tree one by one till it stopped. My computers been running at 0% to 1% cpu usage consistently when in idle.i use a amd 3800x cpu.

Please do a video on how to use pwncat

🎉🎉

I go for priv esc before maintaining access as i think the access will be much more reliable, But this seems like 1 cmd to rule them all xD

Do you need a discrete gpu in order to get windows 11 to run smoothly in a virtual machine. I have an AMD 5700G running Fedora and all my Windows VMs are relatively quick but motion is choppy and ugly.

Microsoft still says (IIRC) that basically administrators are expected to be able to do this sort of thing, so if such an account is allowed to be run by a malicious actor, that's basically game over. On the other hand, if that's really the expectation, why do they keep trying to stop Mimikatz?

I love the activate windows water mark lol

Would love to see more videos on MacOS/iOS.. your videos are great but I’m not sure if they apply to me :(

nice job!!!

Hi John! What is your email I got a phishing email with malware attach and want you to investigate!

Thanks

Can anyone recommend more twitter accounts with cool new techniques of attacks like in the video?

best bro ever

POG

So this is how i can be an admin in my local network

This worries me. It makes me uncertain which services are real and are just a clone of the name of an application that I have installed... I downloaded hickvisions desktop client and used proccess explorer after unistalling the application. I killed the ivs service (it was still running after unistalling everything) and it crashed my windows computer so it was doing something.

Nice!

Could you include ways to prevent the things you talk about in your videos from happening as well?

nice

Is this Seth Trojan

Per TCP/IP protocol, the system needs to open a listening port first in order to accept an incoming connection. you can easily find all listening ports using the netstat command. There is no "secret back door" per se.

Is there not a way to become Trusted Installer and take over the system? That info is probably too spicy for KZbin.

This shouldn't be built into Windows. That's the reason why we move to Linux.

Second Persistence via Windows Service T1543.003

i thought this was an old video lol

That’s actually pretty old stuff

daka would he really would

Skills and binary numbers c, css code file's comment

u should activate windows

OK, but you need an admin user in the first place. Kinda pointless?!

Up places coling.

Nod how to cing coling fills up sum cing coling fills name and files tool files open coling fills to file account add files open tool diagram, group, Jenkins files open tool explain files open vejal

finally the first comment

can you teach how to hack cctv or security cameras

yet again : no compromised, privileged account = this entire method is useless

Amazing video

Activate Windows 😭

There is a balance between being informative and glorifying criminal behaviour.. You are crossing that line a lot of times in you videos and can't really understand why this is allowed to stand.

12:10 😆😆