Forwarded from SHELL SHOCK
https://www.udemy.com/course/web-server-hacking-for-ethical-hacking/?couponCode=WHACK19
https://www.udemy.com/course/digital-forensics-for-ethical-hacking-course/?couponCode=DIGITAL-FORENSICS
https://www.udemy.com/course/cyber-security-web-application-exploitation/?couponCode=CYBER-HACK
https://www.udemy.com/course/ethical-hacking-artifacts-course/?couponCode=BE-HACKER
https://www.udemy.com/course/digital-forensics-for-ethical-hacking-course/?couponCode=DIGITAL-FORENSICS
https://www.udemy.com/course/cyber-security-web-application-exploitation/?couponCode=CYBER-HACK
https://www.udemy.com/course/ethical-hacking-artifacts-course/?couponCode=BE-HACKER
Udemy
Web Server Hacking For Ethical Hacking
Comprehensive course! A beginner's web hacking course.
HTB - Cascade
00:00 - Intro
00:50 - Begin of nmap
02:45 - Enumerating RPC to identify usernames
04:45 - Setting up a bruteforce and creating a custom wordlist with hashcat
08:45 - Enumerating LDAP with LDAPSEARCH
10:55 - Discovering the cascadeLegacyPwd LDAP Attribute which has a password
12:45 - Using CrackMapExec to test the credential found in LDAP
14:30 - Installing the latest CrackMapExec to gain access to the Spider_Plus Module
17:30 - Using the spider_plus module of CME (CrackMapExec) to crawl the SMB Share as R.Thompson
20:10 - Mounting the SMB Share as R.Thompson in order to view the files in Data share
26:10 - Discovering the VNC Install.reg file which contains an encrypted password
30:10 - Using Metasploit IRB to decrypt TightVNC's password
32:30 - Using the VNC Password to gain a WinRM Session to Cascade as s.smith discovering he is in the Audit Group
37:20 - Using DNSPY to decompile the CascAudit DotNet application
39:50 - Setting a breakpoint in DNSPY where the password is decrypted and viewing the variable after it decrypts the pw
42:10 - Gaining e remote shell as ArkSvc to discover this user is in the AD Recycle Bin Group
43:10 - Viewing deleted Active Directory items to see the TempAdmin has the CascadeLegacyPwd field and discovering this is the PW for administrator
https://www.youtube.com/watch?v=mr-fsVLoQGw
🧬 @Phantasm_Lab
00:00 - Intro
00:50 - Begin of nmap
02:45 - Enumerating RPC to identify usernames
04:45 - Setting up a bruteforce and creating a custom wordlist with hashcat
08:45 - Enumerating LDAP with LDAPSEARCH
10:55 - Discovering the cascadeLegacyPwd LDAP Attribute which has a password
12:45 - Using CrackMapExec to test the credential found in LDAP
14:30 - Installing the latest CrackMapExec to gain access to the Spider_Plus Module
17:30 - Using the spider_plus module of CME (CrackMapExec) to crawl the SMB Share as R.Thompson
20:10 - Mounting the SMB Share as R.Thompson in order to view the files in Data share
26:10 - Discovering the VNC Install.reg file which contains an encrypted password
30:10 - Using Metasploit IRB to decrypt TightVNC's password
32:30 - Using the VNC Password to gain a WinRM Session to Cascade as s.smith discovering he is in the Audit Group
37:20 - Using DNSPY to decompile the CascAudit DotNet application
39:50 - Setting a breakpoint in DNSPY where the password is decrypted and viewing the variable after it decrypts the pw
42:10 - Gaining e remote shell as ArkSvc to discover this user is in the AD Recycle Bin Group
43:10 - Viewing deleted Active Directory items to see the TempAdmin has the CascadeLegacyPwd field and discovering this is the PW for administrator
https://www.youtube.com/watch?v=mr-fsVLoQGw
🧬 @Phantasm_Lab
YouTube
HackTheBox - Cascade
00:00 - Intro
00:50 - Begin of nmap
02:45 - Enumerating RPC to identify usernames
04:45 - Setting up a bruteforce and creating a custom wordlist with hashcat
08:45 - Enumerating LDAP with LDAPSEARCH
10:55 - Discovering the cascadeLegacyPwd LDAP Attribute…
00:50 - Begin of nmap
02:45 - Enumerating RPC to identify usernames
04:45 - Setting up a bruteforce and creating a custom wordlist with hashcat
08:45 - Enumerating LDAP with LDAPSEARCH
10:55 - Discovering the cascadeLegacyPwd LDAP Attribute…
Falta de pessoal de cibersegurança afeta 70% das organizações
https://www.cisoadvisor.com.br/falta-de-pessoal-em-ciberseguranca-afeta-70-das-organizacoes/
A falta de mão de obra para segurança da informação e cibersegurança ocorreu em 70% das empresas, indica uma pesquisa publicada pelo Enterprise Strategy Group (ESG) e pela Information Systems Security Association (ISSA). Ela foi feita com entrevistas de 327 profissionais de segurança (92% da América do Norte, 4% da Europa, 3% da Ásia e 1% da América Latina). Pelas respostas, cerca de 45% acreditam que a escassez de habilidades em segurança cibernética piorou nos últimos anos, enquanto 48% dizem que a situação não mudou – apenas 7% acreditam que as coisas melhoraram.https://www.cisoadvisor.com.br/falta-de-pessoal-em-ciberseguranca-afeta-70-das-organizacoes/
CISO Advisor
Falta de pessoal de cibersegurança afeta 70% das organizações
As causas são muitas, variando desde falta de treinamento até falta de oportunidades de evolução nas empresas