Hacking a Domain Controller

Thanks to our sponsor, Keeper Security. You can download Keeper Security's Password Manager here: bit.ly/3SvmAA4

Something I take from this is how well you need to understand the interconnected enterprise systems in most common environments in order to get to this point. Sometimes luck is involved, but when you go this deep you have to first understand how it's set up and operates before you can think about how to get through common security practices. I always recommend people setup their own environments and secure it as best as they can, and then try to break in it to learn this if you aren't already an admin in an environment first.

As a Jr. Pentester, not only was this relatable it was also super helpful. Lesson learned, don't ignore the not-so-obvious documents in file shares.

Cool story. Shows the process and the hacker mindset. It also shows the value in the little things.

Thank you I'm teaching myself and learning so much from your videos here and your 4 hour Linux course

Hi TCM, unrelated to your video, but: Have you thought about adding more Blue Team Content to TCM Academy? Like a SOC Fundamentals Course? I don't see many resources with actual courses that are not up in the thousands. Thanks and all the best.

Love the new shirt! ❤

congratulations

Awesome

Amazing!!! ⭐️⭐️⭐️⭐️⭐️

Looking for a video from The cyber mentor on how to root Android devices.😀😀

Its crazy that 2 months ago I knew nothing about pen-testing. Now I could follow along in the vid and understand 100% of what being said. Much because of just the PEH-course. Appreciate you, Heath, and all the TCM crew.

It was a 'Hail Mary' 🙂 as I hear echoes of 'Enumerate, enumerate, enumerate'

Did you use custom malwares for the EDR test ? Anything that you wrote or obfuscated

Heath, sounds like it was a pretty dope engagement especially when you got the info you needed from that Mac folder. Thanks for sharing the high-lever overview of the engagement very informative too!

Very informative and inspiring.
Thanks for the video, appreciate it.

If they had mitigated LLMNR poisoning would've that stopped you?

Hello anyone can tell what does he mean by putting somefiles on smb shares to get user hashes on responder.?

So they gave you access to a server or you got internal access on your own?

Great story

Man, you are my idol❤️

Great video and great shirt! Keeper security is a fantastic tool and I highly recommend it. Thank you as well for the amazing video content and keep it up ❤

❤❤❤❤

I’ve done hundreds of pen tests professionally over the past 4 years. This story is a pretty common one, sans share access that’s unmitigated. That’s uncommon and I usually find a different way, but CME, Responder, ntlmrelayx, and simple SCF/URL files are priceless.

Heath, you are incredible and I hope you grow even more than you already have! Favourite cyber person, period.
I want to mention too that your courses have been strongly recommended by multiple organizations I have applied for in Switzerland and UK !!!!!!!!!

This video explains from the LinkedIn post @heath made few days back.

I'm studying AD for PNPT and loved the story. Please keep sharing your experiences.

Interesting 🤔🤓

File shares again? I hope none of the IT folks over there bad mouthed Uber coz they are also guilty of storing passwords in installation scripts

That one mistake. Looks like the company was doing very well indeed overall. Well done sir!

That shirt looks cool. Do you make the designs on TCM Academy yourself?

As always insightful and am so curious to have as TCM's mentality

MAN, WHAT ARE THE CHANCES? JUST 3 DOMAIN ADMINS AND ONE OF EM' A SERVICE ACCOUNT?

How much to upload your brain? takes me long time to learn 😔

Is it possible to make a Wi-Fi extender from a usb flash drive

Where can I get the TCM shirt you got wore???

You get everything with domain controller

You’re the best man!

Tks for sharing!

Why would I use Keeper Security when Firefox can suggest and keep my passwords too?

First viewer 👏🤠