Building an AD Lab, LLMNR Poisoning, and NTLMv2 Cracking with Hashcat

- Welcome.
- Lesson overview.
- Downloading our ISOs.
- Installing Windows Server 2016 and Windows 10.
- Renaming Windows Server 2016.
- Installing VMWare Tools on Server 2016.
- Finishing Windows 10 install.
- Installing Active Directory Domain Services / Downtime Q&A.
- Creating our first domain user.
- Installing VMWare Tools on Windows 10 / Renaming Windows 10.
- Joining Windows 10 machine to domain.
- Setting up a SMB share.
- LLMNR/NBT-NS poisoning overview.
- Using Responder to capture NTLMv2 hashes.
- Cracking NTLMv2 hashes with Hashcat.
- LLMNR poisoning defenses.
- Will you ever do a stream on stack overflows?.
- What is the success rate of LLMNR?.
- Problems with turning LLMNR off?.
- Can you place the mitigation slide back up?.
- How much should you spend on a password cracking rig?.
- Cobalt vs Metasploit vs Empire - your favorite?.
- How do you obfuscate Meterpreter?.
- Does Veil still work?.
- host-apd or eap hammer?.
- Has a customer ever intentionally prevented you from doing your job?.
- Favorite podcasts?.
- Do you put exploited users in a report? Worried about their firing?.
- When is your Many Hats appearance coming out?.
- HackerOne? Bug bounties?.
- Are you married?.
- Bug bounties continued.
- New unconstrained delegation exploit?.
- OWA spraying and lockout.
- Favorite bug bounty?.
- Ever crashed anything on a test?.
- Funny pentest stories?.
- Opinion on the cloud and future pentest demand?.
- What are you looking for when you hire a pentester?.
- Is pentesting looked down upon?.
- I want to be a pentester because it's intense, is that a good reason?.
- What is the OSCP good for?.
- Thoughts on practical assessments for job hiring?.
- SOC or Pentesting??.
- CEH vs OSCP?.
- Interview process part 2.
- Salary expectations.
- Thoughts on CISSP.
- Salaries revisited.
- Thoughts on AWAE?.
- Projects to put on a resume?.
- Thoughts on WAPT/eWPT?.
- Home firewalls?.
- Interview process part 3.
- eLearnSecurity discussion.