Understanding Active Directory Basics | TryHackMe Pentest+ Windows Lab

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

[Music] hey everybody what's good what's going on looks like there we go it was a little bit out of focus there hey hope everybody's doing good uh welcome back to another cyber insight live stream today is going to be a really helpful topic for those who are interested in learning a little bit about active directory so as we kind of have been continuing down this path of doing all these different uh try hack me pentest plus rooms that kind of align with the different objectives in the certification i wanted to take a look at the group of rooms that they have dealing with windows stuff and the first room that comes along with that is one that covers kind of a high level breakdown of the different components of active directory so this video is going to be super useful to you um even if you aren't involved in pen testing or you know want to get into red team stuff if you uh just want to understand a little bit more about active directory so maybe you're looking to get a job you know on service desk or help desk maybe you want to become a systems engineer maybe you work with some other facet of it operations but you have to work with windows folks might make a little bit of sense to kind of pick up some of this knowledge and that way we're all kind of using the same nomenclature and understand how things kind of work so before we hop in over into the lab room as always if you have any questions or comments throw those uh in the in the chat box in the comment section and we'll hit those up as we go through there and make sure you smash the like and subscribe button and all that good stuff so uh yeah let's just hop over into it from there let me also just make sure [Music] that we have um that got some comments coming in already hey everybody oh man anonymous is in here too well since we kind of already uh found out who that is well i guess we'll kind of just keep that a secret for those who haven't seen that chat over on uh davin's channel uh let me throw these up real quick before we jump in hey kiki what's good let's see a few more coming in awesome appreciate that l what is going on let me drop that in there all right so um a little bit about how this room is going to help us moving forward into the other labs so um i think that there are four other active directory rooms and i think this is really gonna you know lay out the foundation for understanding the basic services that reside within active directory uh which will then allow us to use other types of tool sets to enumerate information and then later on attack it we aren't doing any of that in this room uh this is kind of just setting everything up as a baseline goes if you watched any of the other videos where we did the the network services rooms i think again there was like four or five rooms there and there was initial one where it was kind of just an overview of networking and so that's pretty much what this one is going to be there is a little tiny lab at the end where we're going to do some some powershell stuff um but i mean really really basic stuff which is good because i suck at powershell and uh one of the reasons why i'm doing this is to get better at powershell so well let's uh let's take a look and kind of uh i'll walk through this kind of give you uh a few tidbits of what i think uh you know in addition to this from from my experience working with active directory stuff so uh if you don't know what active directory is um it's a directory service that runs within windows environments um and really we see it uh in a few different ways so when i say directory service pretty much you're creating different types of computers user accounts service accounts and it ties everything together so that you can have an account that's assigned to you an email address and all those types of things and you can log on to pretty much you know any type of device that you have permissions to log on to within the environment it makes management and logging and auditing of users and services within a windows environment centralized and uh a lot easier to do than if you had to create individual accounts for every single user in your environment on all of the different types of devices that would suck i've been in some environments like that before it's it's not it's not pretty it's not a lot of fun um let's see so what are we going to be hitting up in this today so a few different things we're talking about domain controllers those are kind of going to be the main servers that are used to kind of manage and monitor all of this we're going to be talking about forest trees and domains those are kind of like russian nesting dolls when it comes to looking at an active directory environment and uh kind of we'll talk about how they all kind of build on top of each other users and groups i just mentioned you know you're a person within an organization you are a user you need an account to be able to do things one of the cool things that we're able to do with active directory both from a functional standpoint and a security standpoint is we can take these different types of accounts whether or not it's actually associated with a user or associated with different types of servers or machines and put them into different groups the reason why that is super helpful and useful is because we can then go ahead and create different types of policies to apply different types of controls or permissions or any type of unique configurations that we want to just have a specific group of things be able to do or have access to so when it comes to securing uh windows environments uh group policies is you know what we use a lot to be able to do that and it's very very helpful especially when you're trying to secure a whole bunch of different devices let's say you have a thousand different devices in your environment if you use group policies you can set that once and it pushes out to all of the specific devices that you want those rules attached to so very very helpful trusts we're going to hit on that a little bit trust from my experience has been when you have different types of domains separate domains or even separate forests and you want to have some type of agreement between those to allow users in one environment to be able to access data in another or vice versa kind of already talked a little about policies and then domain services so we're kind of talking about you know the ability to [Music] how do i want to put this the ability to have a centralized authentication mechanism there are other types of domain services that get tied to active directory um and i expect that we are going to be hitting on that a little bit more some things just off the top of my head that kind of would integrate with this would be things like dns or email exchange services or other types of file services things like that all right so what are they talking about here why use active directory well it's pretty much used everywhere and as i said uh being able to have a single user sign on to any computer in an active directory network and be able to access their files from that machine is very powerful and i think that pretty much covers the gist of all that stuff so we'll go ahead and mark that as completed all right so physical active directory um let's see what they what they got going on here um so this is if we're talking about physical active directory we're actually talking about on-premise um servers so not necessarily azure and cloud-based types of services and different types of servers that we have that can be connected to active directory domain controllers which we're going to hit on storage servers file servers print servers email servers web servers database servers um pretty much anything that you can think of that's a server can connect back to active directory one way or another you can also integrate linux into that in some ways you can also integrate networking devices into that in certain ways as well depending upon the types of services that you're using so for instance if you're using something like tacacs you can have your user account and a specific group for network engineers that's managed with an active directory and then you have a tacacs server which is going to use domain controller and active directory as a external identity source and you're kind of able to tie that all together so that when a network engineer goes to log into a firewall you can check to see if their account is a member of the firewall ou within active directory and if it is then they will be able to have access to uh that firewall and other networking devices that you've given them permission to so it's pretty cool it's pretty robust and you can do a lot of things with that so domain controller is really going to be the windows server that's running the active directory domain services or adds if you just have a regular windows server it is not a domain controller it actually needs to be promoted into that role let's see domain controllers at the center of active directory and control the rest of the domain so it's going to hold the adds data store and we're going to talk about what that is that's pretty much going to be all of the information and credentials for the different users groups and services the domain controller is going to be the central point that handles the authentication and author authorization of services it replicates uh any type of configuration changes to other domain controllers uh within your forest and we're going to talk about what a forest is here in a little bit and that also comes back to where i was talking before about policies and things like that if you update that on one domain controller the cool thing with that is it syncs that to the rest of the domain controllers that are that are in that domain likewise if you create a user account on one domain controller within active directory then that's going to sync that to the rest of the domain controllers as well so once you make a change in one location it pretty much will push it out to the rest of the domain controllers that it's aware of let's see so the addds datastore as i mentioned it holds a database and processes the need to store and manage directory information so your users your services your groups and here are some of the main contents and characteristics of the adds data store it contains the ntds.dit this is a database that contains all the information for active directory as well as the password hashes for domain users now we aren't really going into the hacking x aspect of this in this particular room but as we move into the other rooms you will see ntds.dit come up quite a bit this is one of those things that if an attacker is trying to be able to get credentials in the environment if they are able to get to this pull it down and then be able to run some tools to try to crack the password hashes then uh this is kind of like the the jewels in the kingdom for uh lack of a better term it's also important uh why you want to have very complex and long passwords because then that makes the hash super super hard to crack um let's see anything else the ntds.dit is stored under system root so maybe the c drive and then ntds it's accessible only by the domain controller so you have to get kind of cute with that if you are trying to actually pull that off the domain controller which is again why it's important to have physical security with your physical domain controllers because sometimes certain red teamers might just run in and grab the domain controller and run out the front door i think tinkersec did that a while ago i think that was a twitter story that you went through where he was talking about where he was on a pen test and was able to identify the domain controller there was no physical security and he just pulled it threw it under his arm which would have been hilarious to see and ran out of the building and then started uh you know doing whatever he needed to do since he had physical access to the drive to be able to try to uh crack the hashes um within that so all right to the questions here what database does the adds contain well we just said ntds no n t d s dot dit cool all right where is that stored and we already saw that right here system root ntds and what type of machine can a domain controller be um i think that we are talking about uh windows windows server maybe there we go cool all right got some more comments coming in i'll throw that up real quick group policy is life in a.d for sure very very very important all right we can move on to the next one so we're going to talk a little bit about forests so the forest is what defines everything kind of container for all of the different things um within active directory without the force all the other trees and domains would not be able to interact and this is kind of something at least for me that is always interesting to look at because you see within this forest here you kind of have a few different domains you might even call them subdomains maybe so i guess if you don't have multiple domains within your forest you just have one domain it still would be considered a forest even though you don't have multiple domains in there i think i'm talking in circles there but i wanted to work through that in my mind for a second let's see the one thing to note force is not to think of it too literally yeah okay that's obvious um see so a collection of one or more domain trees inside of active directory network and it's what categories is the parts of the network as a whole so a few of the things that kind of go into a forest trees is a hierarchy of domains in adds a domain is just uh a group of or is used to group and manage different types of objects we talked about those objects up above users computers service accounts ou's or organizational units or containers where we can put different types of things whether they're groups computers printers users we can nest ou's with inside of other ou's and this is normally where you're going to see if you're trying to be very specific with your gpos you can sometimes see gpos attached to specific ous trusts allow user to access resources in other domains and there are different types of trusts i don't know how deep they're going to go into that but you can have transitive trusts where both domains trust each other non-transitive trusts um one way trusts that could be something where me being in one company i'm trusted to be able to log into resources in another but that other company isn't allowed to log into my stuff a whole bunch of different ways that you can do that and sometimes those trusts can get a little bit messy and that's why you want to have good windows and active directory engineers to be able to handle all of that stuff see objects we kind of talked about that users printers computers file shares groups domain services uh kind of talked about a few of these different things before we were talking about you know maybe um exchange or dns servers here they have a few other things and domain schema is the rules for object creation all right so let's hit these up what is the term for hierarchy of domains in a network so i think here we are talking about a tree okay uh what is a term uh for rule what is the term for the rules for object creation uh domain schema and what is a term for containers for groups computers users printers and other ou's organizational units all right now we're going to move into users and groups any questions so far before we hop into that all right users and groups um they reside within ad when you create a domain controller comes with default groups and two default users administrator and guest now man we could we could do a whole video on uh best practices with what to do with those disabled guests end up uh doing something else with your administrator um i don't remember if you can rename that or not you might i think you can um and use uh lapse on your local account so that way uh it's always changing a periodic uh interval so it will be unique between all of the different windows boxes in your environment and changes periodically makes it a little bit harder for uh an attacker to be able to get your uh local admin credentials and um yeah just it makes it a little bit more of a challenge okay uh users are the core to active directory without users well i have actor active directory in the first place that's what i kind of was mentioning is across your entire environment you you're going to have user account associated with individuals easier to sign in and do different types of services so uh a few different types of users within the environment domain admins pretty much they can do anything within the environment you want to be very specific about who you give these credentials to you want to limit who actually gets those even better than that you can create other types of groups with certain accounts to be able to do [Music] service desk or help desk types of things account resets being able to log into stuff with remote desktop things like that you want to try to separate those rolls out a little bit um so that way you uh aren't just giving everybody domain admins because then that can be really messy and then you've been stepping back further than that if you work in an environment where everybody all users get domain admins uh i don't know uh you probably need to break out some some candles and some incense and some prayers because that's to get pretty uh that can go sideways real quick service accounts uh service accounts are normally used with different types of applications um and services to be able to do different things within active directory so for instance let's say you had a monitoring tool that uh needed to sync with active directory so that you could have you could log on to that tool using an ad account a service account is going to be an account that you're going to create that you're going to use within that application to be able to query or query active directory to make sure that whenever someone logs in with account they're able to actually authenticate with service accounts you want to be very very granular and specific you don't want to give them too many permissions more permissions than what they really need to be able to get the job done for whatever the service or application is that they're interacting with local administrators as i said that is uh on the on the local machines um you want to be careful with those you want to rename those use laps there's a whole bunch of other security best practices that you would follow with those they cannot log on to the domain which is good but if they are able to be compromised on the local machine then they can end up installing other things and then you know it becomes a bit of a slippery hill uh a slippery slope i should say um as far as what happens once a local administrator account has been compromised so not good and then domain users these are going to be your your everyday folks that don't have any type of administrative uh credentials or permissions and that's good you want to be again as uh granular with any types of permissions that you need to do and if you have different types of users that have different requirements for permissions above what normally comes with domain users you would again want to create some type of group and ou for that and give those specific permissions to users within that group and look at that we're actually going to talk about groups okay groups make it easier to give permissions to users and objects by organizing them into groups of specific permissions i swear i just said that uh two different types of active directory groups you've got security groups special specify permissions and distribution groups um these are used to specify email distribution lists right so you might uh you know see that within exchange if you and a group of friends want to create a specific group an email address for that then you can go ahead and do something like that default security groups there is a lot to this and all of the different things that come into that i'm not necessarily going to read through all of these but just from looking at this you should understand that each of these all have kind of uh different permissions to be able to do different things monitoring these or specific groups within these is very important from a security perspective um yeah if you want to know a little bit more about default security groups spend a little bit more time uh digging in into these all right what types of groups specify uh user permissions we said that was security groups all right which group contains all workstations and servers joined to the domain all workstations and servers joining domain is domain computers now again with like that type of group maybe you want to make different types of groups depending upon different types of servers that you have you can get more granular that way and then apply specific permissions to those specific server groups which group can publish certificates to the directory yes or publishers which user can make changes to a local machine but not to a domain controller well we were already talking about local administrators and we'll see if that's administrator or administrators cool which group has their passwords replicated to read-only domain controllers read-only domain controllers maybe let's see no let's see oh right there loud read only domain controllers password replication group let's try that there we go all right trust in policies let's see got a few other comments coming i'll throw those up stigs made us change the default name on all of our networks as you should as you should um let's see they always give the answer i know i know i always i always forget about that they're very specific with the information they put in there they want you to succeed which is nice all right trusts and policies go hand in hand to help the domain entries communicate with each other maintain security inside the network let's see they put rules in place of how domains inside a force can interact with each other how external force can interact with the forest and the overall domain rules policies of domain must follow so we're kind of talking about the example before of you work for one company it has some type of trust with another company and you're able to access stuff within their environment and that's kind of what this is looking like here within the forest you have these three domains they have trusts with each other there's an external domain outside of the forest that is able to access uh the forest and this domain or it could be all of them depending on how you have it set up and trust outline the way that domains inside the forest communicate with each other and in some environments trust can be extended to external domains and even force in that case oh and i was talking about this above too uh directional and transitive so two types of trust to determine how domains communicate directional the direction of the trust flows from a trusting domain to a trusted domain and transitive the trust relationship expands beyond just two domains to include other trusted domains types of trust uh put in place determines how the domains and the trees in the force are able to communicate send data back and forth yep uh and then domain policies we were talking about how this is a super important uh part of active directory kiki you mentioned that as well um dictate how server operates what rules it will apply so interesting thing that they don't mention here but is worth understanding from a from a active directory perspective is the order of precedence for um how policies are applied within a domain so i believe i'm trying to remember i think it is local first and then um site and then domain and then ou right yes that sounds right so um things will go in in that order as far as things being applied on the scene and whichever of those in that order has a setting is the last one that's applied so that's why when we're talking about implementing gpos with uh and doing it to specific ou's that's kind of the most uh important one out of that since that's the last one that's looked at and so that's where you normally want to apply your settings to make sure that they aren't overwritten someplace else if you end up doing it let's say you put in a local security policy which you can do that on any windows machine there's local security policy to go in and change whatever you want that to be as long as it's a member of the domain and still has connections to that whatever gpos are out there are going to be pushed to it and if that same setting contradicts with something that's set at the domain level or at the ou level then that ou level one for instance is going to overwrite whatever the local security policy is so kind of important to understand uh the hierarchy of that and how all of that kind of plays out oh let's see uh simply act as as rules for active directory that's what we were kind of talking about um along the list of default domain policies domain admins can choose your own policies not already on the domain controller and again this comes back to whether or not you want to do specific gpos on specific types or groups of servers lots of different things that you can do with those here's they're giving some examples of things you can disable windows defender digitally sign uh communications i mean anything that you can think of within active directory as far as different types of or not even active directory but within a windows environment as far as different types of services and configurations you can pretty much do that within a gpo you can also push out different types of scripts you can change different registry settings these can all be tied back to gpos that again can be tied back to specific ou's so pretty robust all right question what type of trust flows from a trusting domain to a trusted domain uh we were talking about directional all right and then what type of trust expands to include other trusted domains transitive all right any questions so far on any of that all right so active directory domain services and authentication um we're talking about the the directory services kind of being the the core of what the domain controller is going to be doing within active directory but there are different services that we kind of mentioned before i mentioned dns before and they got a few here so ldap lightweight directory access protocol provides communication between applications and directory services so before where i was talking about that scenario of you having an application and you needing to have a service account that would be able to query active directory well the way that it might query active directory especially if it's you know not a windows application would be using a protocol uh called ldap you'll see that a lot especially uh for using also linux devices in the within the environment might be using ldap as well for uh querying back to active directory uh when users are logging on there um certificate services um yeah so if you're going to be running a certificate authority within your environment and you want to create validate revoke different types of certs that's another type of domain service you can do other types of naming services you see covered here dns being the one that you're probably most familiar with domain authentication overview um two types of main authentication in place for active directory ntlm and kerberos um i think that we're gonna be hitting that up a little bit more within those rooms and they'll do a little bit more of a deep dive into that kerberos and all of your ticket granting tickets and ticket granting servers and kind of how all of that goes back and forth an ntlm and uh the different versions of ntlm and the ones that are vulnerable and all that type of stuff i'm sure we were gonna hit up uh a lot more uh in those other rooms so i'm not gonna go too much into that here except kind of what they're covering here so kerberos default authentication service for ad uses uh i just mentioned that tickets ticket granting tickets and service tickets to authenticate users and give them access to different types of domains so it's kind of like this process where you you as a user you log in and you get the ability to request different things then depending upon the permissions that you have you take your uh your ticket to be able to request things to actually then go and request the ability to interact with a service and then you get a ticket back from that particular service and that allows you to be able to do whatever it is you need to do for a certain period of time this goes back again to something that we we hit on a lot before and that is the importance of timing within your environment and why ntp is so important because if your timing is off all this stuff goes to so make sure that your timing is good uh and then ntlm is a default windows authentication protocol used for encrypted challenge and response protocol don't use ntlm version one and there's certain versions of ntlm version two which i think depending upon the responses that it has uh can get you in a bit of trouble as well so i'm sure like i said we are going to cover those a lot more in some other rooms all right uh what type of authentication uses tickets well we're just talking kerberos and what domain service can create validate or revoke public key certificates certificate services all right and now we are going to ad in the cloud azure a.d so this is great we learn all this stuff and then microsoft takes all of it and throws it in the trash but don't worry everybody's going to the cloud but maybe not i mean we still use ad an awful lot on prem um so here they're going to talk a little bit about the differences even though they're saying that azure active directory which is totally different than your regular microsoft on-prem active directory a lot of differences um they're saying that azure actor active directory is um a bit more secure protect your apis by the way let's see what they have to say so azure acts as a middleman between your your physical active directory and your user sign on this allows for more secure transactions between domains making a lot of active directory attacks ineffective so you have users going to sign on through azure active directory there's azure ad connect to on-prem active directory and they kind of do some magic back and forth there so the best way to show you the cloud take security precautions past what is already provided with physical network is to show you comparison within cloud active directory so instead of ldap they're using rest apis instead of ntlm they're using oauth or saml instead of kerberos open id we're used to ou trees here within azure a.d it's more of a flat structure domains and forests kind of become tenants and trusts and guests i know that that really does not go into a great breakdown on that but i think the main point here to understand is azure active directory can interact back with on-prem active directory via azure ad connect there's a lot of differences between the two you don't expect that the same things that you're doing uh within your domain controllers or active directory on-prem you're gonna be able to do in the cloud and i think as long as you kind of have that understood then you can start to dig a little bit more into the specific differences and the use cases that you have within your environments i am interested to see if there is any um azure ad rooms i didn't actually look to see if that's the case with this but it'll be kind of interesting to see if they do have that that might be kind of fun all right what is the azure ad equivalent of ldap rest apis as i mentioned protect your apis what is the azure ad equivalent of domains in forests tenants and what is a windows ad equivalent of guess is trusts all right now we get to the lab portion of this let's take a look at what they have us doing here so um pretty much they want us to get into this box and we're gonna do a little bit of querying with powershell um i'll let you know right off the bat i suck with powershell everything i do with powershell in general in my life comes from googling so um we're gonna kind of see how this goes uh might need some help maybe we'll see um so i already deployed the machines we're good with that um ssh or rdp into the machine um i already gave that a test so i'm just gonna ssh in since we're just using uh the command line for this stuff don't really need to rdp into it so just ssh and then we're gonna take a look and see uh what they want us to do so um we're gonna go to the downloads uh navigate to the directory power view is in uh which is in downloads we're going to load powershell with execution policy bypassed so be able to actually do some stuff with it and import which will be importing a power view module so modules within powershell kind of give you the ability to do or view or interact with data in different types of ways that's my non-windows engineer explanation all right so let's see what we got here so i am already into this here i also made my um little circle thing a little bit smaller some folks were mentioning how it kind of uh my little video screen there was getting in the way of the text so hopefully that's better and you won't have any issues of reading anything i type out so we're going to ssh as we kind of have shown before whenever you want to use a specific username when you're sshing just username at and then the ip address and i believe it was password one two three at all right so now we are in here we are going to cd to downloads i think okay now we're in downloads uh we're gonna go powershell ep bypass what's that a hyphen there yeah hyphen ep okay now you see that we are in powershell yep and then we were going to uh import that module powerview.ps1 okay so that should have taken that fine that looks good all right so what do we got to do so um i'll help you with a few commands use the following cheat sheet i kind of already opened that up here we might use some of this stuff we might not we might just google throw some stuff against the wall we'll see how it goes um you should have enough knowledge of active directory now to investigate the machine's internals on your own sure all right uh so some commands here this is to get a list of operating systems on the domain this is a to get a list of users on the domain and then select and cn i think it's for common name so that kind of brings that up okay well there's not a lot of questions here so we'll kind of see how this goes what is the name of the windows 10 operating system so seems like this one right here will work for us get hyphen net computer hyphen full data pipe select operating systems let's see how that goes that's not it there we go let's see what we got so they're asking which is the windows 10 and we just have only that as an enterprise evaluation coming up as options within the environment so we'll copy that move that over there am i doing that incorrect let's see come on we will just go and get that i'll just move that over okay windows 10 there we go okay uh what is the second admin name so we're gonna take a look we used a get hyphen net user and again like i said we use a common name here let's see so what do we have here so as far as options that come up here the second one looks like it's going to be admin 2. well just for kicks and giggles let's see what they give us if we don't select that we just go get user then we end up getting a whole bunch of information on all of these different accounts and so by specifying um that specific attribute then we were just able to pull all that up and make that a little bit easier to see okay all right let's go do that as admin two so do that two now as far as which group has a capital v in the group name let me see if there's something here that might i don't know if that will go to main group give that a try no all right i need something a little bit more specific um should be not local group okay well let me get rid of that sorry about that all right so we were looking at all of the different groups and we're looking for one that had a capital v in the name hyper-v administrators looks pretty good to me so let's do that see if that's right hyper-v administrators i wonder okay that's another one that's good and then what is a password for the when was the password last set for the sql service user now we could use that i think what else did a little look before i think we could go get let's twice get 80 user let's see oh yeah helps when i put a hyphen in there get a user i identity and it was what my sequel sql service sql service [Music] no let's see oh that helps when i spell identity right doesn't it okay um i think we need something a little more than that probably missing some properties um let's go oh yeah let's try properties and we can go we could i think we could specify like the password last change but i don't know what that is off the top of my head so i think we can just go asterix to get all of them there we go okay and when created when changed password last set there we go okay so 5 13 20 20 8 26 5 8 pm is that what all of that wants that looks like that's what that wants okay let's see 5 13 20 20 8 2 6 5 8 p.m okay give that a try bam all right that looks like that is it see if there was anything else we've done all the basics of active directory you need to know to interact inside of the network and so that is going to set us up for uh those next labs we'll take a look real quick in the lab since we're here to see what the other ones are that fall underneath that so it's under localhost vulnerabilities and so we have attacking active directory attacking kerberos and uh post exploitation basics yes awesome we did it and kiki's going to join me on one of these here uh next wednesday we haven't decided which one we're going to do yet but we're going to do another collaboration and kind of see how that all goes those are pretty fun so um yeah so let's go back that looks good so hey appreciate everybody uh checking that out any questions uh before we wrap it all up some more comments coming in appreciate it we did it see if there's anything else that kind of came in i think that was i think that was about it um yeah appreciate everybody uh sticking around had a decent amount of folks on the stream today so that's always awesome make sure you hit the like button share it with your friends or other folks that you know that are trying to uh learn a little bit about active directory hopefully uh it helps them out a little bit i'll have another have i done the rick and morty lab no um which one what does it cover i appreciate you dropping in i'm gonna have to look up the uh the rick and morty lab everything that i've done so far has been aligned with the pentest plus room i guess or not run but course so like everything that kind of fell in underneath these so i mean we still got to do burp suite we haven't done any of the application stuff uh yet so that will have a web fundamentals kind of just like what we did with active directory fundamentals where it will you know not be very much hands-on but more little book learning i guess and then go into uh some web app pen testing but i'll have to take a look you're saying it's part of the beginner path let's hop over there real quick since we're here and kind of take a look at that complete beginner uh linux fundamentals network fundamentals we've all done that pickle rick i don't know about that these look pretty good maybe some eternal blue interesting okay what's a shell i'm not see i'm not seeing it um i'm not seeing it under here unless i just missed it john the ripper oh i guess that was pickle rick was the rick and morty ctf okay let's take a look at that real quick rick morty theme challenge exploit a web server and find three thing three ingredients that will help rick make his uh potion to transform himself back into a human from a pickle i mean yeah it doesn't sound like a good situation uh okay that's cool yeah i think uh once i get done with these pen test plus rooms um i'm gonna look at doing some of the other ones just because i think this is kind of a fun a fun way to do some streaming content um and so whether you go complete beginner or the cyber defense um yeah maybe just hop back and forth between those actually because i don't know i find this to be a lot of fun it's cool to get the interaction with folks and and most people say that this seems to help them a decent amount so i think it's i think it's pretty cool all right uh if anybody else has any other comments throw them in now uh and if not then uh we'll go ahead and wrap this up hope everybody has a good uh rest of the week uh remember i said we'll have another one next wednesday with kiki and i think um i might do one myself this friday depending upon um if i have any free time on friday or not so all right uh chat with everybody later all right

Info

Channel: CyberInsight

Views: 5,698

Rating: undefined out of 5

Keywords: tryhackme active directory, tryhackme active directory tutorial, tryhackme pentest+, comptia pentest+ lab, pentest+ active directory, tryhackme pentest+ AD, hacking Windows AD, hacking Azure, what is NTDS.dit, pentest+ lab, pentest+ active directory lab, tryhackme pentesting, windows tryhackme, windows hacking lab, cyberinsight, Windows security+ lab, tryhackme Windows walkthrough, tryhackme ctf, powershell pentest+ lab, powershell hacking, PT0-002, new pentest+

Id: wyb8BzBTww0

Channel Id: undefined

Length: 59min 6sec (3546 seconds)

Published: Thu May 27 2021