7MS #446: Certified Red Team Professional - Part 2
This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.
Today's episode continues part 1 of our series on the Certified Red Team Professional certification. Key points from today's episode include:
- It's probably a better idea to run BloodHound on your local machine so you don't crush the student VM's resources.
- Running `Invoke-Command` is one of my new favorite things. Check this post for a bunch of cheatsheet tips for running commands in PowerShell against other hosts.
- Silver, gold and skeleton key attacks in AD - are they awesome? Yes? Do I see myself using those in short-term pentest engagements? Meh.
- Wanna build a home lab to do some of this fun pentest stuff? Our buddy k3nundrum in Slack recommended we check out this. It looks awesome. And the devs of the tool have a video on it here.
- When you're popping shells and privs all over the place in the lab, it can be confusing to figure out which machines you have what privileges on. I like using the `klist` command. Or, from a mimikatz prompt, try `kerberos::list /export`.
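
To make the `klist` tip concrete, here is an added example (not from the episode or from any tool it mentions) that parses saved Windows `klist` output and groups the cached tickets by client principal. The sample output and every name in it are constructed. A cached ticket shows which service a principal has authenticated to, which is a starting point for the bookkeeping and not proof of a privilege level.

```python
import re
from collections import defaultdict
# Constructed sample of Windows `klist` output; all names are hypothetical.
SAMPLE_KLIST = """\
Current LogonId is 0:0x3e7a1

Cached Tickets: (3)

#0>     Client: student1 @ LAB.LOCAL
        Server: krbtgt/LAB.LOCAL @ LAB.LOCAL
        KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96

#1>     Client: student1 @ LAB.LOCAL
        Server: cifs/fs01.lab.local @ LAB.LOCAL
        KerbTicket Encryption Type: AES-256-CTS-HMAC-SHA1-96

#2>     Client: svcadmin @ LAB.LOCAL
        Server: HTTP/mgmt01.lab.local @ LAB.LOCAL
        KerbTicket Encryption Type: RSADSI RC4-HMAC(NT)
"""

FIELD = re.compile(r"^\s*(?:#\d+>\s*)?(Client|Server|KerbTicket Encryption Type):\s*(.+?)\s*$")

def parse_klist(text):
    """Return one dict per cached ticket found in `klist` output."""
    tickets, current = [], None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Client":  # every ticket entry begins with its Client line
            current = {}
            tickets.append(current)
        if current is not None:
            current[key] = value
    return tickets

def summarize(tickets):
    """Map each client principal to the (SPN, encryption type) pairs it holds."""
    summary = defaultdict(list)
    for t in tickets:
        client = t["Client"].replace(" @ ", "@")
        spn = t.get("Server", "?").split(" @ ")[0]
        summary[client].append((spn, t.get("KerbTicket Encryption Type", "?")))
    return dict(summary)

if __name__ == "__main__":
    print(summarize(parse_klist(SAMPLE_KLIST)))
```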