1
00:00:00,210 --> 00:00:05,550
So we have compromised a user account in the initial attack vectors section.

2
00:00:05,550 --> 00:00:09,330
We managed to capture Frank Castle's hash.

3
00:00:09,450 --> 00:00:15,450
With Responder we took that hash offline and we said, hey look, it's password 1.

4
00:00:15,630 --> 00:00:21,790
And we were able to also get on machines with SMB relay without ever having to capture a hash.

5
00:00:21,790 --> 00:00:25,690
We were able to dump the SAM file and collect hashes that way.

6
00:00:25,690 --> 00:00:29,160
And we also were able to create an account with mitm6 and pretty much own the

7
00:00:29,160 --> 00:00:31,210
whole domain as it was.

8
00:00:31,230 --> 00:00:37,100
So we have a few different compromises that we can play with, and from here we're going to take a pause.

9
00:00:37,110 --> 00:00:42,120
We're gonna go ahead and look at what we can do once we have a compromise and how we can enumerate the

10
00:00:42,120 --> 00:00:44,430
network using these compromises.

11
00:00:44,430 --> 00:00:49,140
So we're going to look at two tools specifically. We're going to look at a tool called PowerView. Now

12
00:00:49,140 --> 00:00:57,810
PowerView is a tool that allows us to look at the network and look at, enumerate basically, the Domain

13
00:00:57,810 --> 00:01:00,930
Controller, domain policy, domain users, groups.

14
00:01:00,930 --> 00:01:02,520
A lot of different things.

15
00:01:02,580 --> 00:01:06,210
It goes very, very deep with what it's capable of doing.

16
00:01:06,210 --> 00:01:08,210
And again, that's a powerful tool.

17
00:01:08,370 --> 00:01:14,880
And we're also going to look at a tool called BloodHound. BloodHound is going to allow us to look, actually

18
00:01:14,880 --> 00:01:24,750
visualize in a graph form, what is going on in the domain, in the network, and where can we find the sensitive

19
00:01:24,750 --> 00:01:29,810
user that might be logged in, or where can we find the shortest path to getting domain.

20
00:01:29,810 --> 00:01:34,930
And it's a fantastic tool. It should be used on every internal assessment that you do.

21
00:01:35,070 --> 00:01:39,330
And I think these two tools will really set you apart when it comes interview time, being able to talk

22
00:01:39,330 --> 00:01:43,760
about them and know how to use them in an assessment.

23
00:01:43,770 --> 00:01:48,570
So from here we're gonna go ahead and move on. We're going to start talking about how to install PowerView,

24
00:01:48,570 --> 00:01:52,320
use PowerView, and then we'll move into BloodHound, and then eventually we're going to move

25
00:01:52,350 --> 00:01:56,740
into these post-compromise attacks once we have all this information in front of us.

26
00:01:56,850 --> 00:01:58,990
So let's go ahead and move into the next video.

27
00:01:59,010 --> 00:02:00,510
When we install PowerView.