Recently passed my OSCP. I owe at least part of that to these videos. You have such a great cadence and way of speaking/teaching. Thank you
@derronc
Ай бұрын
Congratulations! 🎉 and thank you very much, I'm so glad to hear these helped you in your journey
@ianp6742
11 ай бұрын
This is a fantastic walk through. Very detailed and you did a good job of explaining your methodology and thought process. I am retaking the OSCP in December, this video will help me succeed and I would love to see more attack paths from you.
@derronc
11 ай бұрын
thanks so much, I'm glad it helps. Best of luck on your retake!! I'll try and post another attack path soon.
@takatoekoe
6 ай бұрын
Do you have the eJPT cert? also did u pass the OSCP?
@dasskanal2343
24 күн бұрын
Agree passed my OSCP 3 weeks ago watched your AD content 2-3 times and just want to say thanks bro
@derronc
19 күн бұрын
Congrats!!! That's awesome and I love to hear the content helped you on your journey ❤️
@michael5743
3 ай бұрын
Derron, you've got to do more of these!! You're an amazing teacher man. Thank you!
@gwalchmei
5 ай бұрын
I don't often comment on videos but I simply have to say that your material is absolutely phenomenal. Am preparing to take the OSCP and wanted to really get practice in and you came through in such a big way (in the way that there's no way I can go forward in cybersecurity without acknowledging how important your guides have been). I adapted your setup to run on proxmox and I wanted to say thank you very much :)
Future Offsec teacher right here man! This is the second video of yours I've watched and 2/2 your killing it man. Pure GOLD!!!! Your helping at least one person out beyond measure! Have my sub :)
@claymoody
2 ай бұрын
this was great. excellent setup, explanation, and note taking. thanks for taking the time to put this together and share
@bramha7
3 ай бұрын
Hey man! I just watch your oscp AD and I got impressed with your explaination. Its' 10 out of 10. Hope to see more of you in upcoming days💌🥰
@CyberSecAfterDark
3 ай бұрын
Gotta say, more than being good informative and easy on the ears, the video is just entertaining to watch which is more than you can say for any other video like this, keep it up and we will keep watching!!
@derronc
Ай бұрын
Thank you! I try to make content with some personality and I'm glad to hear it helps
@MotivationbyDesign
10 ай бұрын
great video. I think the way you go through it is both entertaining and very informational.
@cy_wareye7395
11 ай бұрын
i learn lot new stuff about Windows enumeration from this video
@Ibr8kThingz
7 ай бұрын
Outstanding content and well explained! I'm all for fresh content! Thanks so much for sharing. It's greatly helpful for a fellow student like myself prepping for the OSCP.
@nicksmith5400
4 ай бұрын
I have my OSCP retempt comming up tomorrow and I have been using your videos the last few weeks to study with. Really great stuff, the way offsec explains AD seems overly complicated. I just needed DA then I think I had it my last attempt, so fingers crossed we get it this time :) Thanks for the videos, please make more!
@derronc
4 ай бұрын
much thanks for those kind words and best of luck tomorrow!!! you got this
@daddyyankeee4477
4 ай бұрын
Were you able to make it brother?
@romilthakkar404
7 ай бұрын
Keep making these man! Loved it… I failed OsCP on first attempt because of AD section. I pawned the first one, created tunnel as well.. and forgot about routing! If I would have done routing, I would have passed! I knew all the things but didnt know about tunnel and routing properly. Thanks a lot 👍
@elilanz
7 ай бұрын
When did you took your exam? Seems I can join some dots in your statement
@romilthakkar404
7 ай бұрын
@@elilanz End of July 2023.
@elilanz
7 ай бұрын
@@romilthakkar404 aah okay okay
@etcissue8965
11 ай бұрын
Awesome video!!! One of the best i have ever seen!! keep going for next videos!!!
@derekr4132
6 ай бұрын
Bro. Your methodology and flow is much appreciated. Do you have a OSCP cheatsheet that you care to share?
@martinlastname8548
4 ай бұрын
I have been watching this for two days writing up an attack plan and tool list on Obsidian
@monsterkush11
11 ай бұрын
Thank you . Learned about some new tools and more about windows . Great content
@PirateKage
Ай бұрын
dude.. i am wayyy far from even understanding OSCP. but no issues, ill get there one day (way more to learn), i can understand what he is saying and doing but, how the heck he is getting what to do next. no wonder this field requires experience.
@lloydchan9606
10 ай бұрын
Subscribed within the first minute, i can't believe this stuff is free. Thank you!
@derronc
10 ай бұрын
Thanks for the sub! I'm so glad you appreciate the content
@zribianas4010
Ай бұрын
Truly excellent and beneficial. I greatly appreciate your fantastic content.
@podavu7044
11 ай бұрын
I love the methodology ! Thank you for this amazing content
@derronc
11 ай бұрын
my pleasure! I'm glad you enjoy it
@sweno9007
11 ай бұрын
thank you very much for the video very clear loved every minute
@derronc
11 ай бұрын
You're very welcome and thanks for the feedback!
@mpotisambo2465
11 ай бұрын
man man man thanks for the content once again
@derronc
11 ай бұрын
I'm so glad it was helpful!
@AnkitKumar-px6dr
4 ай бұрын
Thank you for such great insight into the scenario loved every bit of it
@gnuPirate
5 ай бұрын
Really awesome topic really well covered. Instant sub. Looking forward to working through this.
@jasond580
11 ай бұрын
Thank you for this. Very helpful!
@0xolv069
11 ай бұрын
This walk through is amazing thank you a lot
@arashgudarzi2623
2 ай бұрын
really liked the video, hoping for more, learned alot from it
@gabrydanto778
7 ай бұрын
Very fantastic walktrough🎉 Superman 😮
@Ravindunethsara
10 ай бұрын
Great content. Correction @1.42 .zip file cracked with JTR
@infosecrisk5393
11 ай бұрын
Really nice and helpful. Thanks a lot for your awesome content.
@truth_4lif399
11 ай бұрын
That was just awesome 👌 👏 👍🏾 🔥 🔥
@IntroMakerNET
9 ай бұрын
Two strange things on this lab: 1) You find a .exe file and you're immediately suspecting that .exe is running on the server, I mean why? 2) Why would someone look for a .txt file specifically in one users folder? I mean, I could take it if you do it from c:\users, but in a specific user's folder? That was too specific. This kind of things makes me think if I'm in the right path. I don't think I would pass this test. Anyway, thank you for the video, it's great.
@charlesnathansmith
5 ай бұрын
It's a new server install so there probably aren't random user files in an upload directory. It's not unreasonable to assume the admin uploaded it with the intention of running it on the server or somewhere proximal so that he wants easy access to it. That could be a wrong assumption, but it would make sense enough to look into. Esp with an exam or CTF, there can be a few red herrings but most unusual things you find are there to clue you onto something Also, exams and CTFs usually have user and admin flags you're supposed to find in standard places. You should always rummage through any user files you have access to anyway because in real life people leave all kinds of important things lying around and challenge authors often try to mimick that
@LakeE.
3 ай бұрын
How does he immediately suspect the binary is running on the server? He takes the information received from the nmap scan which showed a port sending information that matches with the exploit code which gives reason to believe that the software is running on the server.
@mattlai443
Ай бұрын
this is wt makes oscp worthless, all presumed and weird setup never happen in real life
@gunnar-ai
Ай бұрын
Cut my man a break 🤣
@strongshiv8
11 ай бұрын
Very detailed Explained , I Enjoyed every bit of it !
@jackkelly6890
6 ай бұрын
Excellent tutorial. Maybe the most useful AD tutorial for OSCP on youtube! Hopefully plan to give back once I pass. Thankyou for the effort you've put in here. Did you build the labs yourself?
@derronc
6 ай бұрын
so glad it has been helpful! I did build these myself, as a result of not finding much practice material out there.
@infosecabdul
10 ай бұрын
Well explained and demonstrated. Followed through till the end. Thank you
@Lucas-n3l7n
8 ай бұрын
THIS IS PURE GOLD! THANK YOU MASTER! 🙏
@drewalleman
11 ай бұрын
Helpful thanks!
@Foobar1835
6 ай бұрын
great video. did you create the vulnerable machines or were they premade?
@derronc
6 ай бұрын
thank you! I built all these machines from scratch and include the how-to guide in my video series. that way you can build them too :)
@ashleyscott7762
8 ай бұрын
Really good run through; I am currently running through some courses with TCM to get up to a proficient standard to do my oscp. Any advice you would pass on and also how long did it take you to feel confident and what would you do differently now you are at this point? Thanks
@ashishratnawat2711
11 ай бұрын
thank you
@vidazsolt9685
12 күн бұрын
It was very interesting, thank you! I didn't catch how you knew that lord_business was logged in on ms02. Could you please clarify it? If I understand well, you couldn't get his plain text password if he would be logged off. Is that right?
@0xarun
10 ай бұрын
Great shot!
@1a4s4l7
11 ай бұрын
This is fantastic!
@TienNguyenXuan-so6vl
4 ай бұрын
Love your mindset!
@vedanttare9425
5 ай бұрын
Awesome walkthrough! Really interesting and engaging. Wanted to know, What is the configuration of your kali OS? How much RAM have you given it as well as memory? Also, how much RAM does your actual system have? Because my Kali lags so much when there is firefox, burp and other tools running simultaneously. Just curious as its really frustrating to work with a slow kali sometimes.
@derronc
5 ай бұрын
Thanks for the feedback! when it comes to the VMs... I've been deploying the .ova from kali.org/get-kali and 4cpu / 4GB memory. I've run into issues with vmware workstation and my macbook a few times and had to reinstall macOS just to get rid of glitchy behavior 😭
@achillesmyrmidon4424
7 ай бұрын
Hi @derronc, halfway in your vid and it is super nice so far. Do you have any tips for terminal logger? Or it is not that important with logger?
@AlexSec
10 ай бұрын
Love it! Good job.
@LightAura
5 ай бұрын
Great walkthrough, but there is one thing I don't understand. @23:15 you modified the exploit to run certutil.exe with some arguments. How does this work when the string you are typing is not run in CMD or PowerShell? As far as I understood, you are typing in the start menu, so it's a search bar.
@NostalgiaModding
Ай бұрын
Your videos are super helpful. Will you make any more?
@derronc
Ай бұрын
I have been wanting to create some more content, but life has been quite the rollercoaster this year! Hopefully you'll see some content in the near future 🤞
@NostalgiaModding
Ай бұрын
@@derronc Awesome to hear brother!
@ihuang694
3 ай бұрын
you are the best!
@snarfallymunchacen85
5 ай бұрын
This was a great lesson for me..
@kevinhoy6838
6 ай бұрын
Hell yeah!! Thank you!!
@AMINE_47
11 ай бұрын
Really nice content , please where can i find a similiar environnement
@derronc
11 ай бұрын
Aside from my video on how to build the lab, I had a hard time finding this type of material as well. I was only able to find bits and pieces, but nothing that would take me through the entire process. I may share another scenario in the future.
@oliviermenager9702
11 ай бұрын
Top content. Congratulations.
@kallikantzaros
13 күн бұрын
Is OSCP exam really like this? I mean, more or less, similar path, methodology, commands, exploits...
@snarfallymunchacen85
5 ай бұрын
Have you used netexec in place of crackmap? thoughts?
@lemarou
10 ай бұрын
Great video! Your content is awesome and really informative. However, I'm currently stuck with the OpenVPN configuration. Any additional tips would be greatly appreciated. Thanks!
@I_Unintentionally_Morph
4 ай бұрын
wow thank you
@0xn4if
2 ай бұрын
May I ask you we set a service principal name for svc_iis and we catch wyldstyle using kerberoasting attack how these users related together ?
@0xn4if
2 ай бұрын
Okay I understand now
@cvport8155
10 ай бұрын
Please make more vd for advanced techniques red team and ad attack good work bro ❤
@derronc
10 ай бұрын
thank you! I'm currently working on posting another attack path soon 😊
@orca2162
7 ай бұрын
Great video, thank u ❤
@extraordinay
11 ай бұрын
Thank you sir, can you do some cryphotgraphy ctf too?
@derronc
11 ай бұрын
ooo I hadn't really thought about that. I can't say I'm great at it, but I'll keep this in mind for the future. thanks for the suggestion!
@abhishekajit1611
2 ай бұрын
Can someone tell me is installing and using tools prebuild by someone allowed during the OSCP? Like can we install the tools after the exam started?
@derronc
Ай бұрын
yes, you absolutely can. Just be aware of the exam rules as they outline you cannot use auto exploitation tools like sqlmap
@ickoxii
11 ай бұрын
nice video! what terminal emulator do you use?
@derronc
10 ай бұрын
thanks! I like iterm2 but the terminal I used in the video is just the default kali terminal
@TaelurAlexis
19 күн бұрын
The way I perform password spraying across a network of hosts in a lab is by specifying the CIDR range like crackmapexec smb 192.0.0.0/24 -u users -p passwords! :)
@derronc
19 күн бұрын
yep, that is a great way to cover an entire subnet :) Thankfully when it comes to the OSCP you will know what the IP addresses are (based on the flag submission menu) so you can immediately narrow down your scope
@fatewalker6463
10 ай бұрын
Nice video, just a reminder, cached domain hashes cant be used for PASS THE HASH
@derronc
10 ай бұрын
yes, there are so many nuances to pth that it can get confusing. I'm not sure if I misspoke in this video but just to be clear for anyone reading: NTLM hashes can be passed, NTLMv2 hashes can't. NTLM hashes can only be passed if the environment hasn't been secured against it, and even then there are caveats. I think I'm going to include some examples in my next video to help illustrate. thank you for the feeback!
@digitalforensicsalam4009
2 ай бұрын
More video upload oscp
@anaykamal4499
6 ай бұрын
Is winpeas allowed in OSCP?
@derronc
5 ай бұрын
it is! It's actually the most used enumeration tool on the OSCP :)
@basictodynamic6590
10 ай бұрын
i am wondering, you are not able to ping ms02, but able to do nmap without -Pn flag.
@derronc
10 ай бұрын
that's a great point and something I didn't think too much about at the time. but you're right, the Windows firewall was blocking icmp but somehow... nmap decided it didn't care and it ran the scan anyway 🤷♂️
@devakabari
7 ай бұрын
cool
@koushiksuthar95
8 ай бұрын
Is it possible to download your lab setup?
@intruder70
9 ай бұрын
i wanna see about OSWE, can you show please?😢
@derronc
9 ай бұрын
perhaps in the future; I don't have my OSWE but if/when I do go for it I'll try and share some insights :)
@TamponiMapei
10 ай бұрын
so is evilwinrm considered a stable shell? for getting the point on oscp a winrm shell is enought or we should rev shell it via pivoting?
@derronc
10 ай бұрын
that's a great question, thank you for asking! I can tell you that I used evil-winrm in my OSCP exam and was given credit. That said, if you have the time and want to go the extra credit you could totally use evil-winrm to upload a reverse shell payload and then execute it to call back home. BUT if you do that you'll need to port forward through MS01 to get back to your kali machine. I might try that out in a future video just to show how to do it.
@TamponiMapei
10 ай бұрын
thanks for the answer, during my last attempt I spent 40minutes trying to rev shell via pivoting haha, this time I will go by evilwinrm, thanks@@derronc
@pppkenken6610
10 ай бұрын
Makes path
@gnuhatt
10 ай бұрын
ur keyboard sounds like drum😂
@derronc
10 ай бұрын
it totally does!! my apologies for that, it annoys me too. I'm upgrading my mic to hopefully remove/reduce the drumming 😂
@Supertester-ww1qy
Ай бұрын
28:00
@benyicl92
2 ай бұрын
1:44:10
@sandiproy9810
11 ай бұрын
😀😀😀😀😀😀😀😀😀😀😀😀😀😀😀😀😀😀😀😀😀😀
@shaggyasir
8 ай бұрын
Nice vid
@briangrier3287
11 ай бұрын
Actual GOAT, watched video start to finish! Seeing your step by step process and methodology completing these 3 boxes was super inspiring! W video, please keep this content coming!
@derronc
11 ай бұрын
Thank you so much, I appreciate the compliment!! I'll try and post some more content soon
@ministeredelacybersecurite7074
5 ай бұрын
@@derronc Please make more awesome!
@longtran7196
11 ай бұрын
How wonderful knowledge ! Love this every minute
@sandiproy9810
11 ай бұрын
hey please make other attack path video as soon as possible
@mikedunn330
10 ай бұрын
Without a doubt the most helpful thing I've seen! Taking your time and explaining "why" you're running commands was awesome. Thank you so much. I will be watching more of your content.
@Supertester-ww1qy
2 ай бұрын
Love it! Good job.
@arashgudarzi2623
2 ай бұрын
it just is in my mind, why didn't you send a Meterpreter shell, or get the reverse shell with the metasploit so that you can elevate it to meterpreter and do the fun stuff with it ? is there something that im missing ?
@derronc
Ай бұрын
you're only allowed to use metasploit/meterpreter against one target on the actual exam. ideally you should be able to accomplish all your exploits without it, however it is there as a nice fallback if you get stuck
@ferasalfarsi897
11 ай бұрын
Please, continue!
@aaryanbhagat4852
9 ай бұрын
These playthroughs are worth it, very nicely explained, even the thought process!
@IAmWrk_
6 ай бұрын
2).Hey man don’t be discouraged, it comes from practicing and familiarity of common human habits. I happen to work in a Windows IT environment, Most people save important documents right in their desktop or in documents folder (Linux users do too). This would spark my interest in checking those folders first if i get user access to a box 1)Working in windows you notice exe files and ps files often work without needing to install an outside source “bash” for example you need the pc to have bash to run bash scripts, if you don’t have admin priv it’s harder to install bash is my understanding I still suck though so i still feel the same as you lol doubt ima pass lol
@MentalMarathon_
11 ай бұрын
Thank you for sharing ‼️
@colinrogers9927
11 ай бұрын
This is a great walkthrough. I watched your previous video about setup and I ran in to a lot of perm issues when getting foothold on this video
@derronc
11 ай бұрын
oh no! can you elaborate on the permission issues? I will do my best to help
@colinrogers9927
11 ай бұрын
@@derronc essentially everything is caught by the av even if tamper is turned off.
@corsicana6868
18 күн бұрын
Your vids are a gold mine. Earned a sub!
@dgoncalo
11 ай бұрын
Great content! Just one question, why no minimatz?
@derronc
11 ай бұрын
that's a great question! I do use mimikatz for many of my scenarios, but this one in particular I wanted to try and do a lot of things remotely from the kali machine. so I opted for impacket-secretsdump instead. I just think of it as remote mimikatz 😂 I appreciate the question, I think I'll make a future video with different tactics: including mimikatz
@sandiproy9810
11 ай бұрын
@@derronc kerberoasting and asreproasting part would a lot clear if u use bloodhound as for ms02 machine u have smb access. and that would be better when someone sees the gui and that kind of stuffs.
@vlad7269
10 ай бұрын
Better than my teachers at university...
@J_B-jh4ke
6 ай бұрын
At DC machine, let pass the hash with 0:NT_hash . I think it works because you lost LM_hash in form of ntlm in set of exec tool
@derronc
6 ай бұрын
great catch! Yes, you can split the hash and only need to use the NT piece for pass-the-hash. LM is around for backwards compatibility and can't be passed but can be easily cracked (with the right wordlist/rules)
@obipixel
7 ай бұрын
Great work dude. Do you perhaps have the virtual machines as a setup I can use to practice with?
@obipixel
7 ай бұрын
I ask because I have my own labs I use to teach students. I’m missing a good one for Active Directory.
Пікірлер: 169