Holy schnikes - this episode is actually 7 minutes long! What a concept!
Anyway, today I give you a couple tips that have helped me pwn some internal networks the last few weeks, including:
-
Getting a second (and third?) opinion on Active Directory Certificate Services vulnerabilities!
-
Analyzing the root domain object in BloodHound to find some misconfigs that might equal instant domain admin access!