Zero to Hero - MS17-010-EternalBlue, GPP-cPasswords, and Kerberoasting

- Welcome.
- Quick housekeeping.
- Scanning our targets.
- Reviewing nmap results for Blue.
- Checking for MS17-010 w/ nmap.
- Exploiting MS17-010 w/ Metasploit and post enumeration.
- Reviewing nmap results for Active.
- Extracting data w/ smbclient.
- GPP/cPassword overview/exploitation.
- Kerberoasting and post enumeration.
- How old is the GPP exploit?.
- Are you running Windows on VM?.
- Is the OSCP still worth it for HR purposes?.
- What sort of credentials to get into pentesting from military?.
- Does Metasploit leave remnants?.
- Errors on GetUsersSPN?.
- Bug bounty hunting certs?.
- Pass the Kerberos hash?.
- Is it better to start on externals before internals?.
- Internal pentest resources?.
- Any experience w/ Rapid7?.
- How fast is your cracking rig?.
- Have you used Commando?.
- Bug bounties for internal?.
- Powershell on assessments?.
- Have you done any Bluetooth attacks?.
- How would I go about starting my own consulting company / business advice?.
- What is your computer setup like?.
- RFID hacking?.
- Finding talent to start a company / do you have to work X amount of years before starting a business.
- Thoughts on cloud certifications?.
- Network vs Web Pentesting in terms of pay, jobs, etc?.
- CS or IT major in college to become a pentester?.
- Is the US the best country to work in for cybersecurity?.
- Is PentesterLab more web app or network focused?.
- Is the Web Application Hacker's Handbook still relevant?.
- Do you run a gaming router?.
- How are you planning to charge companies?.
- Phishing tools?.
- Any assessments that have stumped you?.
- Any wifi stories?.
- Does the blue team actively try to stop you in assessments?.
- Have you ever crashed a server?.