This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
内容由Brian Johnson提供。所有播客内容(包括剧集、图形和播客描述)均由 Brian Johnson 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal。
Player FM -播客应用
使用Player FM应用程序离线!
使用Player FM应用程序离线!
7MS #456: Certified Red Team Professional - Part 4
Manage episode 285912211 series 1288763
内容由Brian Johnson提供。所有播客内容(包括剧集、图形和播客描述)均由 Brian Johnson 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal。
Hello friends! Today, Joe (Gh0sthax) and I complete our series on CRTP - Certified Red Team Professional - a really awesome pentesting training and exam based squarely on Microsoft tools and tradecraft. Specifically, Joe and I talk about:
- We don't think the training/exam is for beginners, despite how its advertised
- Both the lab PDF and PowerPoint have their own quirks - which may ultimately be teaching us not to be copy-and-paste jockeys, and instead build our own study guides and cheat sheets
- Don't let the training give you the idea that most pentests have a super fast escalation path to DA (ok yes sometimes they do, but usually we spend a LOT of hours working on escalation!)
- Watch the walkthrough videos. We repeat: WATCH THE WALKTHROUGH VIDEOS!
- Although not required, we highly recommend capturing all the flags laid out for you in the lab environment
- Know how to privesc - using multiple tools/methods
- It would be to your advantage to understand how to view/manipulate Active directory information in multiple ways
- You start the exam with no tools. So how will you be ready to upload/download tools into the exam environment so you make the most of your exam time?
- Tool X might give you wrong results - or none at all - in the lab. Do you have a backup tool Y and Z that can serve the same purpose?
- You want to be very good at Kerberos ticket crafting!
- Know all the mimikatz commands and switches and when to apply them
620集单集
Manage episode 285912211 series 1288763
内容由Brian Johnson提供。所有播客内容(包括剧集、图形和播客描述)均由 Brian Johnson 或其播客平台合作伙伴直接上传和提供。如果您认为有人在未经您许可的情况下使用您的受版权保护的作品,您可以按照此处概述的流程进行操作https://zh.player.fm/legal。
Hello friends! Today, Joe (Gh0sthax) and I complete our series on CRTP - Certified Red Team Professional - a really awesome pentesting training and exam based squarely on Microsoft tools and tradecraft. Specifically, Joe and I talk about:
- We don't think the training/exam is for beginners, despite how its advertised
- Both the lab PDF and PowerPoint have their own quirks - which may ultimately be teaching us not to be copy-and-paste jockeys, and instead build our own study guides and cheat sheets
- Don't let the training give you the idea that most pentests have a super fast escalation path to DA (ok yes sometimes they do, but usually we spend a LOT of hours working on escalation!)
- Watch the walkthrough videos. We repeat: WATCH THE WALKTHROUGH VIDEOS!
- Although not required, we highly recommend capturing all the flags laid out for you in the lab environment
- Know how to privesc - using multiple tools/methods
- It would be to your advantage to understand how to view/manipulate Active directory information in multiple ways
- You start the exam with no tools. So how will you be ready to upload/download tools into the exam environment so you make the most of your exam time?
- Tool X might give you wrong results - or none at all - in the lab. Do you have a backup tool Y and Z that can serve the same purpose?
- You want to be very good at Kerberos ticket crafting!
- Know all the mimikatz commands and switches and when to apply them
620集单集
所有剧集
×欢迎使用Player FM
Player FM正在网上搜索高质量的播客,以便您现在享受。它是最好的播客应用程序,适用于安卓、iPhone和网络。注册以跨设备同步订阅。