Good stuff on that discovering Defender Exclusions part. I was fiddling around obfuscating all my tools and eventually saw that 0xdf could just run stuff from htdocs so I was wondering how he enumerated that. Great addition to my notes!
I had told him 😀
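The "how did he find the excluded directory" question above comes up on every Defender-protected box, so here is the check in working form. This is an added example, not code from the video, from IppSec or from 0xdf: it assumes a Windows host running Microsoft Defender Antivirus and a shell as a standard user. The trick it relies on is that every exclusion change is logged as Event ID 5007 in the Defender operational log, and standard users can read that log by default, whereas the live exclusion list from Get-MpPreference is only shown to administrators on current builds.

```powershell
# Added example (not from the video): enumerate Defender exclusions from a
# low-privileged shell by mining Event ID 5007 in the Defender operational log.
# Assumes Microsoft Defender Antivirus is installed and the log is readable.

function Get-DefenderExclusionsFromEventLog {
    # 5007 = "Configuration has changed". Adding an exclusion writes a
    # "New value:" line that names the registry key under
    # Exclusions\{Paths,Extensions,Processes}; the path is the leaf of that key.
    $log = 'Microsoft-Windows-Windows Defender/Operational'
    try {
        $events = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 5007 } -ErrorAction Stop
    } catch {
        # Get-WinEvent throws when no event matches or the log is not readable
        Write-Warning "No readable 5007 events in '$log': $($_.Exception.Message)"
        return
    }

    # Single-quoted, so each \\ is one literal backslash in the .NET regex
    $pattern = 'New value:\s*HKLM\\SOFTWARE\\Microsoft\\Windows Defender\\Exclusions\\(Paths|Extensions|Processes)\\(.+?)\s*=\s*0x'

    foreach ($e in $events) {
        foreach ($line in ($e.Message -split "`r?`n")) {
            if ($line -match $pattern) {
                [pscustomobject]@{
                    Added = $e.TimeCreated
                    Kind  = $Matches[1]   # Paths, Extensions or Processes
                    Value = $Matches[2]   # e.g. a directory, an extension or an exe name
                }
            }
        }
    }
}

function Get-DefenderExclusionsFromPreference {
    # Authoritative view of what is in effect right now. On current Defender
    # builds a non-admin caller does not get the list; the properties instead
    # read "N/A: Must be an administrator to view exclusions".
    $p = Get-MpPreference
    [pscustomobject]@{
        Paths      = $p.ExclusionPath
        Extensions = $p.ExclusionExtension
        Processes  = $p.ExclusionProcess
    }
}

# Usage: the event-log view is what you run as a low-privileged user; the
# preference view confirms what is still active once you have admin.
Get-DefenderExclusionsFromEventLog | Sort-Object Added | Format-Table -AutoSize
Get-DefenderExclusionsFromPreference
```

Two caveats before trusting a path this turns up. The log is history, not state: removing an exclusion also produces a 5007 event, with the key on the "Old value:" line instead, so read the full sequence for a given path rather than just the last addition. And an exclusion only stops the on-access scan of that location; dropping a copy of the EICAR test string into the candidate directory and seeing it survive is the cheapest way to confirm the exclusion is still live before staging real tooling there.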
That was one hell of a box! Great stuff you shared there. Thank you so much!
Hey ipp, even though I'm a beginner in the space, I love watching all your videos even if I don't understand them fully yet lol. Hoping some of the knowledge will stick with me from these when I need it.
This one took me some time to "digest" :) Excellent video! Thank You
Hey Ipp, let's buy OffSec, rename it back to Offensive Security and delete all non-offensive security certifications
Why?
GET OUT!! 💯🗣️
@@insect6003 a company called OffSec offering courses not related to offensive security is like if a Chinese restaurant started selling tacos. Just doesn't seem right. One could argue that defense is the best attack, though
Bro is on to nothing 🗣️🗣️‼️‼️
@@insect6003 a company called OffSec offering courses not related to offensive security is like if a Chinese restaurant started selling tacos. It just doesn't seem right. One could argue that defense is the best offense, though
Great walkthrough 💪 waiting for the University box 😅
This machine was insane
Nice content and a good methodology for breaking insane boxes. Just a question: is there any video about DNS attacks coming soon?
I would have loved it if you went really in depth into the world of ADCS exploitation and the different tools used to do so.
I noticed you preferred using tools running locally on the box itself instead of over a tunnel; I would love to know what the options are for doing everything remotely as well, as this pretty much eliminates the problems of AV evasion.
Great video and a great box, really cool!
I really don't have a preference. Both Rubeus and Impacket will create unique things that can be alerted on, so it's not really opsec related.
Most of the time I think I will show impacket because you don't have to fight with AV, but it's certainly quicker to do it locally and for a box this size I didn't want to increase the video length by going 100% Impacket.
As for a video just on ADCS, I may consider it but I don't really like putting out targeted guides like that. I know it's what people want and it's possible to just run the commands to do it. But I think you learn the attacks at a more intimate level by seeing them inside of boxes like this.
It's definitely not the quickest way to learn, but if my goal was to get you to a spot to be making $$$ as quick as possible, I'd be selling a high-priced course. Which again people want but I just don't want to do for a few reasons, mostly being stress and piracy.
So I think of my videos as unoptimized in terms of time, but highly optimized in terms of building foundational skills and knowledge. I find there are a lot more people who do unethical things in the group that cares heavily about how much time it takes to learn things (and would pirate a course). The people that are just passionate don't care about being quick and they tend to be more ethical.
At least that's my viewpoint and what helps me sleep at night putting this type of content out there for free.
Hey, love your content. I have just one question, I don't want to offend you, but I was just wondering, how old are you? If this question is too personal I am sorry, but I am really curious regarding this question. Love the content. Thanks
Mid 30’s
Thank You..
Hey Ipp, thanks for the amazing video. I was wondering if a C2 like Meterpreter wouldn't be more handy to collect all the rev shells, plus it has some built-in upload/download features.
Yup, probably would be. I just don't really showcase them on my channel because C2s don't always age that well. Either they become abandoned projects or the code changes and the video is no longer correct.
How come AV did not flag Sharphound?
17:52 thanks for posting malicious content :)
Heya Ipp, can you update your ParrotOS ansible script? ❤
The CRTP course would have been great for you; you could have done all of this from one shell using winrs.
He doesn't need it.
Is it necessary to run with BloodHound CE? I have installation problems with the community edition. Also, if someone has free time to help, I will be grateful.
Why is the Windows machine so complicated?
Push!
hey ippsec!
Today I found out I am a mongoloid of apocalyptic proportions cause I understood nothing of this. Lol.
Nah, not a mongoloid, just ignorant. I have so much to learn.
Hey ipp, can you record real-time hacking/pentesting of infra/BB?
HTB techniques never help me bypass auth/perimeter/etc. on real pentest targets. That's frustrating.
Man, if you want to learn how to bypass EDR or any security mechanism, you have to know how they work and learn on the fly! It's good to learn about blue team and how they protect and detect us. A good exercise is to try to detect yourself.
@DiscomfortPioneer lol, for example I know how nginx and Nginx Proxy Manager work, but that's unhelpful for any fuzzing and misconfig searching. I mean only initial access techniques, which don't include EDR/XDR/AV/SIEM/SOC and other mechanisms of defense.
53:37 and 54:03 you forgot your python server is running on port 8000 when you tried to curl the shell directly.
Petit Potam meaning "Little Hippo" in French made me giggle far more than it should.
I've used that for years, and never put that connection together. lol. Did not know Potam was hippo, but definitely knew Petit was French for little.
first
Can someone help please? When I try to get a reverse shell I get this error: the connection immediately goes down, but I do get a response
(root@kali)-[~]
# rlwrap nc -lvnp 9001
listening on [any] 9001
connect to [10.10.14.10] from (UNKNOWN) [10.10.11.17] 65434
(root@kali)-[~]
Just recheck the reverse shell code