
Download "Practical Ethical Hacking Techniques. Part 3: Linux, Windows and Active Directory Analysis"

Video tags

courses
training
Specialist
MSTU
Bauman
center
Subtitles

00:00:02
are starting a seminar on practical methods of
00:00:04
ethical
00:00:05
for me, my name is Sergey Blega Beat I am an
00:00:09
information
00:00:11
security instructor, you can go to the Internet
00:00:14
it would be cool Venus to my page
00:00:17
you will get to my page
00:00:18
here it is written specialists work
00:00:20
various courses I conduct and have 1000
00:00:24
hacker analyst
00:00:26
incident investigators penetration testing masters,
00:00:30
in addition to the courses, we have been conducting seminars for the
00:00:35
third and fourth part now we
00:00:38
are at a seminar on information
00:00:42
security, why does a specialist flock
00:00:45
conduct such seminars, wants to
00:00:49
become famous and tell about courses, but
00:00:52
for some reason I want to become famous, I also want to
00:00:55
tell something that does not fit in the course and there’s a
00:00:59
lot that we can’t cover in the course
00:01:03
and some interesting
00:01:06
or additional questions we’ll discuss at seminars.
00:01:08
Now such seminars I’ll briefly
00:01:12
tell you about the courses and tell you how
00:01:15
practical techniques of ethical hacking
00:01:18
can be used and how they
00:01:21
correspond
00:01:23
to the courses. I’m interested in saying that it’s not
00:01:26
just because we Let's study, look, I'm about
00:01:29
to tell you something
00:01:31
interesting in the courses, we teach this, it's
00:01:36
useful for everyone, but I of course expect that
00:01:38
you have Kolya, such practical experience, you've
00:01:42
already studied as security administrators
00:01:44
before you're going to take the course,
00:01:47
poetically fly pickaxe, and even better yet, you've passed
00:01:50
course poetically fly book such a
00:01:52
sequence of studying
00:01:54
information security
00:01:56
horde than the basis and administration
00:01:59
then how to defend yourself vertifight is not a product
00:02:03
to diffuse only now in this
00:02:05
course study then ethical hackims then I
00:02:09
also hear
00:02:10
and security analysis testing on
00:02:15
NAC projects seminars somewhere here the seminars would
00:02:18
have disappeared before this they were in the wallet saying, I
00:02:23
think I should study or not study, I want to
00:02:28
study, show me how you study and then
00:02:32
maybe I’ll come to courses and there were
00:02:34
such seminars, but now, on the contrary, many
00:02:38
students have graduated and we want to
00:02:41
support them, on the contrary, and accompany them even further
00:02:45
and bring them straight to the
00:02:49
master level and now our seminar is already
00:02:51
going with such a bang
00:02:53
when we study information
00:02:56
security in the specialist center
00:02:58
we prepare first the administrator then
00:03:01
beginners then continuing then
00:03:04
hacker analysts masters at what
00:03:07
level are we preparing preparing at the
00:03:09
cyber level petals of champions you can go to the
00:03:13
specialist’s website to
00:03:16
look news and in news on the
00:03:22
specialist's website on the latch of his
00:03:26
molt the first link just forward we
00:03:31
play cyber Olympic Games these are our
00:03:33
graduates we have learned now here
00:03:36
we are playing kicking the cyber Olympics by the way
00:03:40
this year we are also playing global
00:03:42
north-south them let them go to the site
00:03:45
they They will tell you that
00:03:47
this year we are also playing as a team,
00:03:50
and why not play according to our
00:03:55
mood, why it hurts, and since we are studying
00:04:01
information security hawking at this level of the world,
00:04:03
let’s
00:04:08
talk at this level and where to study at this level with
00:04:12
yes, we have already learned and all the mustaches
00:04:14
that we read have passed here the platform
00:04:18
is called xbox, what’s good about it is that
00:04:22
there are only tasks and no things, but
00:04:26
there are notes that we did when we were
00:04:30
learning information security and
00:04:32
if you wanted to go to seminars before, you’ve
00:04:35
probably already looked at this site.
00:04:39
and
00:04:42
see what kind of cars there are here, what’s
00:04:46
here on this site, but let’s zarik
00:04:51
and what is the advantage that the platform is
00:04:58
such that it offers you
00:05:01
to practice in the heat of the cars, you read on my
00:05:04
Facebook, maybe this is the
00:05:07
same picture and I say, look
00:05:10
here list of machines and here they have IP
00:05:13
addresses, if you want, you can connect and
00:05:18
you can try to break any of these servers,
00:05:20
get the administrator
00:05:23
or system context
00:05:24
and how to connect to it, and right there on the
00:05:27
site there is access and let’s download now
00:05:32
the connection pack OpenVPN connect, here
00:05:36
I am connected, here’s mine Kali Linux here is my
00:05:39
IP address, well, some kind of machine I
00:05:42
have access to
00:05:44
which we will have here, let’s say
00:05:48
this 10.10.10.122 I connect directly from my
00:05:52
browser there, this one 1010
00:05:56
122 I have 100 or what’s connected is
00:05:58
connected let’s break the body sometimes
00:06:01
only it’s one-time how do I enter a
00:06:03
one-time password I don’t have
00:06:05
Elagin tokens I don’t know but nevertheless, if
00:06:09
you want, try to find out and
00:06:11
the humor of this platform is that
00:06:13
no one will tell you how to hack it,
00:06:17
no one will tell you how to hack this machine
00:06:19
because if anyone tells -
00:06:21
the organizers say, oh, you're a spoiler, why are
00:06:24
you doing this, we are then proud of
00:06:26
who hacked who didn't hack our rating
00:06:29
and you taught everyone, they also became hackers themselves, the
00:06:34
cameras themselves, so the excitement is interesting, how can it be that
00:06:38
100 people are evil, the little one didn't
00:06:40
hack it,
00:06:41
I'll re-read the notes from now on
00:06:43
what now and now it’s starting, and suddenly
00:06:50
there’s something else, that is, onions, these numbers,
00:06:53
let’s see where we found nmap, which we
00:06:55
went through the division of the blockade, what
00:06:59
else is there nearby,
00:07:00
we scan, we found nothing, either and
00:07:04
or, and the neighbor doesn’t know the password, and now you
00:07:09
see, yes what questions should I
00:07:10
ask here I’m going on this platform hard
00:07:15
& blogs
00:07:16
I’ve already connected here’s how to vpn get through the
00:07:19
sisal machine why did you say you can’t
00:07:22
tell if it’s gone in the archive
00:07:25
then you can by the way now this
00:07:28
ctr machine is working next week it
00:07:31
will work ctf this is a compress glass
00:07:34
format means you have week 2
00:07:37
maximum 3 and then everything then this machine
00:07:41
will go into the archive and maybe from very well I will
00:07:43
also conduct a seminar and say that
00:07:46
let me show you how to hack this farm
00:07:49
two-factor authentication with
00:07:55
one-time passwords, here is the seminar such a
00:08:00
ruler
00:08:13
as I am going through the machine
00:08:16
Well, of course, this is how I started now and
00:08:19
then scanned
00:08:20
where we have prophecy and here is our course
00:08:23
suite, what was between us, if only we owned it,
00:08:26
we sent it, but when I
00:08:28
pass the machine like this, I make a video, maybe
00:08:31
such a video will also be available to you here
00:08:33
is located with sound, I can
00:08:36
start it like this and just turn off the sound and in
00:08:40
this video I’ll tell you for an hour
00:08:42
or let me go through the cars
00:08:45
in parallel, I’ll comment and I’ll
00:08:52
show you all my actions from the very beginning to the very end if you want to follow me
00:08:55
repeat, at least you repeat before if
00:08:58
we need an archive, but at least just look,
00:09:00
by the way, you can repeat sometimes, and this
00:09:03
is there, and while there are blisters, then you can get access to
00:09:08
archive machines, but the
00:09:12
birth
00:09:13
can be technically complex, yes, I’m
00:09:17
writing something here after me how to shine
00:09:19
and why I’m conducting a seminar
00:09:22
and at the same time there is such a walkthrough
00:09:24
because this is the walkthrough it’s
00:09:28
for professionals who will take it and
00:09:32
at the seminar I’m going to emphasize the most important
00:09:35
points, for example, let’s
00:09:40
say this is the command I wrote
00:09:43
if you went to previous seminars, then
00:09:46
remember the website script spring, but also
00:09:48
execute your version show save
00:09:52
everything in a text file just in case
00:09:54
when there was such a machine season so
00:09:57
he looked at the mothers and saw yes ftp
00:10:01
anonymous access port 80 the website is the
00:10:05
same that doesn’t let us in the password wants and
00:10:08
there’s also Active Directory and LDAP writes a
00:10:12
seminar on simpletons dedicating to the fact that
00:10:15
let's analyze this Active
00:10:16
Directory and LDAP
00:10:18
using a single Daus and Linux all the songs
00:10:23
and that I have a video right now and I'm
00:10:28
watching, I first connected to the swing and
00:10:31
then connect from the windows system,
00:10:35
we scanned the magic drives,
00:10:37
let's go with being carried out, connected and then
00:10:40
moved and how to connect, it looks like a dog
00:10:44
has an smb client, where do I know about it and the
00:10:48
client itself, well, either sandvik from the
00:10:51
administrator are being carried out or studied for a
00:10:53
course on the same there are courses, I’m too lazy, even if I
00:10:55
read, but the teachers conduct
00:10:58
where I will know co2 from above and the season and
00:11:02
I’ll go there for myself, well, it’s on any course
00:11:05
2 hear in the evening you connect to me
00:11:08
the transfer as we see it is
00:11:11
available from linux and the system was carried out by
00:11:21
fangs did not come, maybe you can tell me right away
00:11:24
or write in the chat and ice who there
00:11:26
is a cool radio complex here,
00:11:29
tell me how it happened that I’m
00:11:32
sitting on my Kali Linux or
00:11:35
my hacker Windows and far away on the
00:11:38
active directory I got on a file server,
00:11:40
why did I suddenly get such relief, how did it
00:11:43
happen that I didn’t enter the password
00:11:46
and now with an empty password I
00:11:47
disconnected knows can anyone
00:11:52
comment someone
00:12:00
carefully writes of course yes there is a guest
00:12:03
included she wine input is not such an
00:12:05
important resource to hide it you
00:12:08
were shown to exit porn incest please
00:12:10
let him and
00:12:12
how to attack the file server we
00:12:16
connected there and what to do next can
00:12:20
only be done in one
00:12:23
we can’t write anything else about a public folder, and that’s what I’m doing, I can’t
00:12:28
see this kind of passage, I need to
00:12:33
take a closer look at the screen, but I’m
00:12:36
planning this kind of attack, I think yes, this is a
00:12:39
public resource, I’ll put
00:12:41
a shortcut, you know this shortcut,
00:12:45
you don’t know they know you, shortcuts on
00:12:49
file and I’ll say that let this
00:12:55
shortcut have an icon and the icon will be on my
00:12:58
server and I’ll write down my IP address and that’s
00:13:00
how I do it,
00:13:02
launch the responder or who is currently
00:13:07
taking a course on security analysis in
00:13:10
metasploit
00:13:11
free porn star recently a seminar even a
00:13:15
victory in a dispute oak forest there are those there modules
00:13:17
one of them respond which means respawning
00:13:19
a program that listens to everything it
00:13:22
can if suddenly someone comes
00:13:25
writes down everything, including the 6th password,
00:13:27
so I open windows, open a
00:13:32
notepad and create this simple
00:13:34
file in SCF format, of course, how do
00:13:40
we know that there is format with and
00:13:42
somewhere you need to learn, but from the format
00:13:46
we open google, read, study and this is what
00:13:50
they look like, so we create such a file and
00:13:54
say, you will take the icon from our kali
00:13:57
linux and someone actually looked at us and
00:14:02
connected to us, here’s the video you saw before
00:14:04
Amanda came, here you go, eat
00:14:07
she brought us here please we have
00:14:11
Amanda's hash because we guessed
00:14:14
SCF to put on the file server
00:14:16
user Amanda looked in and the hash
00:14:20
was recognized
00:14:21
at a real dentist as will be my
00:14:25
eagles and we'll leave and wait until the real
00:14:27
user comes in.
00:14:28
We have a resource where students and I
00:14:31
exchange information computer and
00:14:33
put a scoop of mail there if the label
00:14:37
has a hash, it’s mandatory, but there’s probably something in the
00:14:41
task scheduler, I don’t know,
00:14:44
but we have hash Amanda, and then who
00:14:48
can tell me who the
00:14:51
preparatory seminar looked at what
00:14:54
to do next? We have a free
00:14:58
seminar now, part 3 of us can go here
00:15:00
We’ve already signed up, we’re taking it, and here
00:15:02
it says the seminar will be of interest to
00:15:04
the listeners, and if there are any
00:15:06
basic techniques, look at them, because I
00:15:09
’ll know that these are basic techniques, you’re a
00:15:12
father, and you watched this seminar
00:15:18
now, you don’t need to watch this seminar, a
00:15:21
stormy stream, watch it, and of course, if you already
00:15:25
which ones were used for security
00:15:27
analysis,
00:15:28
you will tell us where our John the Ripper or any
00:15:31
other person turned to and we will get from
00:15:34
this long, incomprehensible hash the
00:15:36
real password, so we got it,
00:15:39
what next and then we carry out the
00:15:42
enumeration, the
00:15:43
course according to would like begins with that
00:15:45
scanning transfers and here I
00:15:49
always tell students it’s not clear
00:15:52
where the line is where is the administration and where is the transfers
00:15:55
because Kotova John the Ripper hacked
00:15:58
his team you want to connect to
00:16:02
the computer and you can connect what
00:16:05
is the name of this little ring of the console
00:16:07
that I connected to this saddle
00:16:10
computer and this is RSAT, from Remote Server
00:16:15
administration tool you went through
00:16:17
we know versado we practiced any
00:16:22
client is even better I will tell them it is important important
00:16:26
now I know the password of the most ordinary
00:16:28
user and I saw that there is
00:16:31
Mr. Lucky there, that there is sizzler I can
00:16:34
watch even
00:16:35
already good applause
00:16:38
but I want to connect there to
00:16:41
perform commands,
00:16:42
how do I connect, yes, if I can’t
00:16:45
connect there, I can’t because of claims, it can
00:16:47
happen via ftp, they don’t allow an ordinary
00:16:51
user to go to the web server,
00:16:53
the password doesn’t work, you need to know what to
00:16:59
do, in this case,
00:17:03
get a certificate from a
00:17:05
certification authority, we’ll find out the
00:17:06
user’s password and log in using certificate,
00:17:09
you know how to do this, but it would be useful,
00:17:14
I know if you took it, received a certificate,
00:17:18
certification authorities would come and say
00:17:21
it’s me, Amanda, give me a certificate, why do
00:17:25
you need it, the certification center doesn’t understand
00:17:28
that Amanda, I’m not real, they found out the password,
00:17:31
gave you a certificate, you installed it for yourself,
00:17:34
if you want the details just yes,
00:17:37
here’s how to request a certificate
00:17:39
and what should we do with a certificate then
00:17:42
install a powershell session and you
00:17:47
thought, I remember a long time ago you smuggled
00:17:50
Sergey Pavlovich source bows told
00:17:53
what’s new in the north and I love it, but on the
00:17:57
new server you can now do a power shell
00:18:00
session remotely well it was useful
00:18:05
that we can now
00:18:09
set up such a session, we would also use a password,
00:18:12
because you wanted to log in with a password without
00:18:15
letting the server in, he says, I understand that
00:18:17
you want a power shell session, but you
00:18:21
can’t use a password, give me a certificate, it’s clear that
00:18:25
if now I want to learn this powershell,
00:18:27
I I go to the website of the draft center for courses on
00:18:30
power shell and right away they will tell us, well, here’s
00:18:33
one course for beginners for
00:18:35
intermediate ones, come and the instructor
00:18:37
will explain to you what this is higher up,
00:18:39
someone will say no, I’ll read a book on the Internet
00:18:42
about reading on it came in handy and
00:18:45
what’s on power now sewed that I’m doing this,
00:18:50
I’m using it and writing Enter-PSSession
00:18:56
Enter-PSSession and that’s all I’m there on this
00:18:59
computer season that I’m a
00:19:02
user there and I have command line
00:19:04
commands I can execute, it seems like I was standing there and
00:19:09
didn’t touch anyone until the server thought it
00:19:14
turned out to be a file storage there is a
00:19:18
hash label, we received a hash with this, we write
00:19:22
a password and then we received a certificate, so we
00:19:25
have it on the controller,
00:19:29
okay, we are holding it back, we are holding it
00:19:35
so that
00:19:37
the antivirus will
00:19:40
not block any suspicious activity, why
00:19:45
because when I connect, I am a
00:19:48
user and I want to further improve it there
00:19:50
attack administrator privileges
00:19:53
because I want to check security, I want to check
00:19:56
all the permissions, and it’s also not someone else’s
00:19:58
server, they themselves wrote to me,
00:20:00
hacking, allowing, so I want with this
00:20:03
permission, but the antivirus will say no, you
00:20:08
can’t
00:20:10
know, this is the Armitage 1st layer,
00:20:14
our third part of the husband’s seminar or
00:20:17
studying and the seminar was separate, so
00:20:20
metasploit carried out their bor
00:20:22
and of course you are already people scientists you will say
00:20:26
we are now a payload we are now a
00:20:28
meter and how we will create
00:20:31
how we will launch it and we will have a meter at the same time
00:20:34
a session on our Metasploit Framework
00:20:37
and with the help of the Metasploit Framework and
00:20:40
all hackers the world that has all the
00:20:43
exploits, we’ll take it through this world,
00:20:45
let’s master it and that’s it, but even before the
00:20:50
antivirus doesn’t allow this, I’m the only one who
00:20:55
did this, I
00:20:56
say, let’s say that we have everything there
00:20:59
and the antivirus blocked everything, we were given the
00:21:06
topic of bypassing intrusion detection systems
00:21:09
firewall what we studied in the courses,
00:21:14
yes, we were preparing to become an
00:21:18
analyst,
00:21:19
to become a tester, we studied what we
00:21:24
need to somehow obfuscate schools
00:21:29
like this, we wrote that if it
00:21:32
catches, we need some kind of cryptor that will
00:21:36
do what ours
00:21:40
payload in 3 both and degree c something else
00:21:43
was not mistakenly taken for a
00:21:50
virus by the antivirus and deleted it is not a virus yes it is a
00:21:53
remote administration tool and a
00:21:55
photo for this I tried the fountain and
00:22:00
vision came up and other hackers
00:22:04
tried something else many hackers
00:22:07
pass by and then tell how they
00:22:09
do it they used other means
00:22:12
someone tells someone a friend and
00:22:15
something else I use it you know why the
00:22:18
cape by is in the public domain
00:22:21
downloaded it works well and of
00:22:25
course here’s a video I wrote here
00:22:28
there you are,
00:22:30
and that now the meterpreter has opened, they’ll drag it in,
00:22:33
they introduced themselves, that is, there’s a
00:22:36
domain controller there, there’s politics, there’s an antivirus and the
00:22:39
sher
00:22:40
still opened, and what’s wrong with you, I’m a
00:22:44
regular user, here’s some
00:22:46
Amanda Sheila Wing,
00:22:47
but it’s the meterpreter that’s brought in, and the meterpreter at the same time
00:22:52
this is an administration tool
00:22:54
with great power, you also know that
00:23:00
on this computer a
00:23:02
little bit prevented AppLocker from fitting
00:23:06
open the course program
00:23:09
windows server administration palm you will
00:23:10
definitely find
00:23:12
your policy AppLocker needs to be implemented and
00:23:15
can’t you imagine they there machines disappeared
00:23:18
they implemented
00:23:19
from camp I want to run something it won’t
00:23:24
start it was easy to enter this thing,
00:23:28
you know why you just put your
00:23:34
payload not here Amanda where you are
00:23:38
blocked by an antivirus then
00:23:40
blocked by group policy
00:23:43
located in the windows folder before the
00:23:48
windows folder there are subfolders
00:23:50
where anyone can write to a user
00:23:53
it’s easy to check there are such
00:23:56
programs accesschk or AccessEnum it
00:23:59
seems to us don’t leave it on the computer
00:24:01
either,
00:24:02
here it starts, there’s a case, let’s
00:24:05
check in the windows folder who has what
00:24:07
permissions, but add it and it works,
00:24:13
such
00:24:16
users have write permission and we are not administrators, but
00:24:19
let’s wait, maybe there will be some
00:24:21
folder where everyone can write up to already 1
00:24:25
found to believe of the ticket
00:24:26
users the court can write promised syndicate
00:24:30
users can write some other folders
00:24:33
this is where they can write to us this one here
00:24:36
will tell his father everything to his son he of course
00:24:39
tells it on my machine and on that
00:24:45
machine there are other banks Well, I
00:24:48
checked 1, it coincided, that’s where those
00:24:52
printer driver car Lars is, and that’s where I
00:24:57
put the
00:24:58
obfuscated phantasm, you have a meter for us
00:25:01
with a floor lamp, the request for
00:25:04
pontoon vision bypasses the antivirus, and I
00:25:08
put it here system32 spool drivers
00:25:11
color wheel session,
00:25:16
that’s not all in just the context
00:25:19
of the user there we have a chance,
00:25:22
but now we actually have
00:25:29
exploits from all over the world at our disposal because this
00:25:33
meterpreter brought in can proxy any
00:25:38
hacker tool through itself, you know how to
00:25:42
do this and stayed in the village after the
00:25:47
course on security analysis and will say
00:25:49
of course I know how to analyze it in the above
00:25:53
course, I showed it myself and told only there
00:25:56
it was called and walking is needed and now it
00:25:58
leads to proxying
00:26:00
forwarding is called to build there is such a
00:26:03
module and I did it like on the course and
00:26:07
now let’s raise the proxy and everything that is
00:26:11
only red on the route is zira and through this
00:26:14
meter while the seats
00:26:16
are clear that it’s right on seminar, I don’t want to
00:26:19
teach you these commands,
00:26:21
but the concept idea is clear that the hacker has
00:26:24
the price of the issue, these are the lines that
00:26:27
he, having captured the computer,
00:26:31
can then go further through this computer and all the
00:26:35
tools have been banned by metasploit and he
00:26:37
can send it to this computer, and
00:26:40
then there’s someone will say you want to
00:26:44
collect ladies hashes through a secret given and I
00:26:49
know another utility
00:26:51
that pirelli is written in Python, it
00:26:56
will tell you the same thing here and I will use some other device there, I
00:26:58
will use another exploit,
00:27:01
please do so, the Internet is teeming with such
00:27:04
experts, I have compiled a package secretsdump found it, used it
00:27:09
and got the hash, it’s not a pain,
00:27:13
but the administrator, of course, needs a
00:27:17
big gaff here, if you watch this video,
00:27:20
I was talking about look, let’s
00:27:23
go to the course now, but let’s go somewhere
00:27:25
there on the Internet, we’ll read it,
00:27:35
use it, and now he’s passed the secret, he’s
00:27:38
using it one of the exploits details
00:27:41
now we won’t go into just
00:27:43
the administrator, but what next if we want to
00:27:49
get the context of the Minister of Tarot, let’s
00:27:58
tell me that we need to brute it or
00:28:06
or don’t or we need Amanda in the chest or
00:28:15
I have this hash also in Brussels but what
00:28:19
does brute force brus course mean that a
00:28:22
dictionary is taken with passwords
00:28:23
or it is assumed that there will be some kind of
00:28:25
weak password,
00:28:27
it is considered a cover is considered a pony
00:28:29
secret algorithm, then usually this is 4
00:28:33
we make a hash and check whether the hash matches
00:28:37
or not, but if the administrator’s password
00:28:40
is complex, it will not be in the dictionary
00:28:43
and so that from one character to 15 characters
00:28:46
let us count the USA, you will count to the
00:28:50
power of 10-15 years, so this hash
00:28:54
cannot be confused, but if you wanted
00:29:00
to take a course on the basics of information
00:29:03
security, you will tell us why you need
00:29:06
passwords and it’s also clean;
00:29:16
server and the server itself
00:29:20
doesn’t know the administrator’s password, authentication
00:29:23
is how we do it,
00:29:25
he contacts the server and says if you want, I’ll
00:29:27
prove that I know the password, the server responds,
00:29:30
let’s give you a challenge look, let’s
00:29:35
count it as a hash from your password, let’s
00:29:39
encrypt the
00:29:40
challenge mind for encrypting the ashes of Asher and return it
00:29:42
back to me I’ll check how I don’t know my password myself,
00:29:46
but I know flash I’m from the USA,
00:29:49
we’ll do the check if everything matches, I’ll
00:29:52
give access to boy fresh, my
00:29:57
administrator’s passwords only match and
00:29:59
you’re probably a client who knows the hash because
00:30:02
you know the password, this is what the scheme looks like, but in
00:30:06
fact it’s not necessary to know the hash,
00:30:14
we know the attack it's called pass the hash and
00:30:18
in May Young Cash joined probably
00:30:24
any of my students will say why
00:30:27
you use Sergey Pavlovich visible and
00:30:30
xyg, you yourself said that the course
00:30:33
is in the CIS,
00:30:34
so she can do that too, yes she can do that,
00:30:40
but there are many different programs then
00:30:44
you can execute remote code and psexec
00:30:47
use such functionality that is
00:30:48
prohibited on the controller, I tried it and
00:30:51
they said the roles for a reason, we
00:30:54
secundo and how in a real
00:30:55
enterprise what is WMI and I remember
00:31:00
from then when courses on windows server
00:31:03
check now from I spend my husbands less often, well, I
00:31:06
expect that you, too, about WMI, you know
00:31:09
that here you can see that
00:31:14
we have help, give a reason for something about
00:31:19
something about smog, let’s see the heart of the
00:31:22
user account, the company management system,
00:31:28
it not only provides the opportunity
00:31:31
to something then look, it also gives you the
00:31:34
opportunity to execute the same package
00:31:37
package in google and just write them the
00:31:40
hip hop package
00:31:42
right there and you will find the documentation right there,
00:31:44
you’ll figure it out, and there’s
00:31:48
May 2, the language is the same attack posts sections
00:31:52
disgrace the attack completed everything I’m there as an
00:31:55
administrator, a proof of concept from the
00:31:58
desktop, I looked at the server
00:32:02
with evil and the task is completed, well, just like that,
00:32:10
in half an hour
00:32:12
we saw how hacking is carried out, even at
00:32:16
first glance, it’s
00:32:17
secure, it sows right here on the
00:32:21
active directory lines, so at your
00:32:22
enterprise,
00:32:23
well, we saw how it’s done initially and
00:32:27
penetration how
00:32:29
the transfer is carried out using the snmp protocol the file
00:32:32
server can be attacked it’s
00:32:34
raging unexpectedly I
00:32:37
got the certificate they used it
00:32:41
first they got it then they couldn’t
00:32:43
easily use it higher up and it came
00:32:45
in handy they evaded the security system
00:32:51
even when they were studying how AppLocker works
00:32:54
about the fact that you can place a special
00:32:57
directory and AppLocker does not work on it, they
00:32:59
know about it, they have done read up up as a
00:33:02
cash, the tools were used by others
00:33:05
every time and a
00:33:07
shark happens that something does not behave as
00:33:11
we expect, then my interest is in this and the hacker
00:33:15
no one will give a guarantee that it will
00:33:18
work what will happen the first time, but
00:33:21
nevertheless, it’s interesting, let
00:33:24
me figure it out better, and in the
00:33:27
end this whole process is completed,
00:33:30
received the
00:33:31
administrator context, the
00:33:34
administrators will be proof of
00:33:36
concept flag ru 100st looked at the
00:33:41
car, maybe there are some questions
00:33:45
good time and for
00:33:47
Evgeniy writes, you need to look in rainbow
00:33:50
tables, yes, you could look in
00:33:53
rainbow tables, which is a good way, but the
00:33:56
rainbow table below is also for 15
00:33:59
characters, if the password is 15 characters in the rainbow
00:34:04
table, they did it for him on all
00:34:06
cosmic scales, although the fact that
00:34:10
rainbow tables help is the question of how
00:34:13
cyber olympiads to play and other olympiads
00:34:17
how our teams will play now the
00:34:21
cyber olympiad is just being formed.
00:34:24
organ on September 7 there will only be a game on
00:34:28
Saturday we will play before that we
00:34:32
will train practice
00:34:34
form a team if you want to
00:34:36
participate
00:34:38
so welcome write me a letter
00:34:40
we have a form fill out the form we and
00:34:44
the director approve the composition then
00:34:47
we train we train then we play
00:34:51
maybe he doesn’t like how earlier
00:34:54
win go to the final
00:34:56
although I also have such experience take the final of
00:34:59
the competition in America it was not in Canada
00:35:01
but even just participating is already good
00:35:06
international competitions
00:35:08
like artillery preparation something like how
00:35:12
we play on different platforms you
00:35:17
write me a letter as you wish to a
00:35:19
corporate email with love to a specialist
00:35:22
as well as all questions and on the course not at the
00:35:26
seminar not tasks you will easily find me
00:35:29
Sergey Lyubavin quite a unique name
00:35:33
add me as a friend
00:35:35
find facebook VKontakte
00:35:37
classmates as convenient for you and so
00:35:39
we will communicate and also always
00:35:43
welcome to the center specialist
00:35:46
with us and seminars with us and the courses are glad
00:35:52
to see you, glad to help you with my
00:35:55
speech Mersin,
00:35:57
thank you all for your participation,
00:35:59
well, there is still time since they came to his boss at the
00:36:02
seminar to ask questions,
00:36:05
communicate, believed in a formal setting,
00:36:08
discuss the seminar, information
00:36:11
security, philosophical questions, we always
00:36:15
have players, too, played hardball,
00:36:21
how long did it take? it takes,
00:36:24
well, what can I say, right now the
00:36:28
latest machine, which one is better than solo,
00:36:31
look, a day ago it came out, so
00:36:35
if you have a question, how is it that
00:36:37
bloom and blockchain technology is there, is it even
00:36:40
possible to hack it
00:36:42
or not blockchain, as I looked, I was
00:36:46
horrified, I immediately ran away and I will say
00:36:49
contact me I may be against the
00:36:54
rules to tell everything in detail Nov and
00:36:57
his portal I will tell you I will give
00:37:00
the direction gives I will say it took me three days to
00:37:03
get there but he is here as you can
00:37:07
see here you can see here
00:37:10
ctr when you which will expire soon as
00:37:13
her they decided for the
00:37:14
very first person the very year
00:37:17
the best hacker million 12 hours 38 minutes
00:37:21
he wanted to be the first in hacking
00:37:26
and then at 22:00 the machine was not
00:37:29
broken
00:37:30
and at 22:00 someone he wanted to be 1 and 1 from on
00:37:33
without a break in brainstorming here so
00:37:36
it goes away, but that’s about it, but there are
00:37:39
simple machines that are not simple for hours, but
00:37:42
there are machines that sit for days, well, of
00:37:45
course I can’t afford to play for 12 hours
00:37:47
without a break and play or play for 22 hours,
00:37:50
no, well, once I look at the markings, I
00:37:55
’ll make the information, I’ll collect it, I’ll go to work to
00:37:59
teach students then in the evening I came what to
00:38:03
do I come I play tanks when I
00:38:07
was in the sidra I
00:38:08
have 2 hours I’ll play the next day
00:38:12
I came again I played as a hobby
00:38:16
such as a game too and a sanction and how lucky I am I do
00:38:21
n’t spend a lot of time,
00:38:24
but then it happens that it doesn’t I definitely
00:38:28
need to think think think I had
00:38:32
some kind of car
00:38:33
or I don’t know what to do I think 10 minutes 20
00:38:38
half an hour to an hour I understand that I don’t know how to
00:38:41
sleep I want to go to sleep and in the morning
00:38:44
they wake up there was a problem I
00:38:46
looked at the same task and what did I you think the mode is
00:38:51
beaten off, the courts are inserted like this and so 5
00:38:53
minutes and decided and I ask if
00:38:56
yesterday in five minutes I decided to be and and decided
00:39:01
often the decision of the one you need to lie down is
00:39:04
all those at once would be a different mood
00:39:06
so here again no one is forcing you
00:39:11
flama no one knows how long you play,
00:39:14
so I’m calm about it, we
00:39:19
have about a car, if it’s complicated, hogan
00:39:23
will take two weeks, but somehow these
00:39:26
green ones will take less time
00:39:30
in the evening, for sure, to the question where can I
00:39:33
see the task from the previous hydra,
00:39:36
just write to Hardy Box to paradise for a
00:39:40
walkthrough
00:39:41
when the car has already passed you can easily find it
00:39:45
on youtube or on various sites
00:39:48
continued by Thai secret singing and it wo
00:39:51
n’t be like that, indicating the main
00:39:55
points it will be just a walkthrough,
00:39:58
but nevertheless, but the essence of the question also
00:40:01
hint, what about the ctf compress token
00:40:04
format one-time password as such, in
00:40:08
principle, perhaps you need to understand that there
00:40:12
is an active directory scheme
00:40:15
to calculate this talking that
00:40:19
was compressed where in the active directory of
00:40:21
the rings you will simply understand the direction
00:40:26
if you read the code on the site, but then
00:40:30
welcome to the
00:40:32
Python programming courses because
00:40:35
token which is one-time generated
00:40:38
and
00:40:41
from a large sequence and I
00:40:45
have no doubt that after the
00:40:49
security course on the
00:40:54
security course in the application you will find a
00:40:58
LDAP injection there if you know even a little about
00:41:01
website security, here is the
00:41:03
injection including a blow to the infection
00:41:06
risk ordered so, this is the motive of the director, it means
00:41:09
labor, you are such an [ __ ],
00:41:10
you know the action, but when you carry out the action with his additional drugs,
00:41:14
you will understand that it is unrealistic and he
00:41:18
pulls out the shares, stop, maybe
00:41:20
you will of course get the whole topic in
00:41:22
real life, I only
00:41:23
managed to get one character out, but
00:41:26
we write a script tag to sort through all the
00:41:30
characters here, of course, if you have
00:41:34
programming skills, then you can
00:41:37
write such a script tag and get
00:41:39
a token,
00:41:40
then say to a hacker, but if you
00:41:43
say, well, no, I’m not a programmer, I
00:41:45
want to be a hacker, I don’t want to be a
00:41:47
programmer,
00:41:48
well, maybe a programmer I need to
00:41:50
be able to write a script for power,
00:41:52
or whatever you want, a script that will
00:41:56
implement blind injection character
00:41:59
by character and why is Python popular
00:42:04
just as a joke and what
00:42:07
Hello World looks like in different languages
00:42:09
da si no ja is there anything else in Python
00:42:12
hello
00:42:13
and then concrete street is always here there
00:42:18
is all blacks installed good
00:42:21
opportunities with sockets
00:42:24
there are quite a lot of guides on
00:42:27
this and a blog of developments I’m not talking about
00:42:30
the boundaries in Python you combine with a
00:42:32
professional in the end,
00:42:34
what can we do if we want to study
00:42:37
information security there is no need to
00:42:39
dive in and move windows and
00:42:41
programming also a little bit on
00:42:44
all the questions at the seminar on the courses they are
00:42:48
tasks but we will stay in touch we will be on
00:42:51
VKontakte everyone success on the path of ethical
00:42:55
speck

Description:

At this seminar you will get acquainted with advanced techniques for analyzing system security. Using a practical example of compromising a domain controller, you will see how various scenarios are carried out:
- how initial penetration is performed;
- how enumeration over the SMB protocol is performed;
- how a file server can be attacked;
- how certificates are used in the course of a compromise;
- what exploits exist for intercepting hashes;
- how evasion of defensive systems happens;
- how to perform a Pass-the-Hash attack;
- how to troubleshoot problems that arise while using the tools.

The seminar will be of interest to those who have taken or plan to take the courses: "Protection against hacker attacks" - https://www.specialist.ru/course/cnd "Ethical hacking and penetration testing" - https://www.specialist.ru/course/ceh "Penetration testing and security analysis" - https://www.specialist.ru/course/ceh2 "Attacking and defending websites according to the OWASP Top 10" - https://www.specialist.ru/Page/NotFound?aspxerrorpath=/course/owasp. We recommend watching the recording of the previous seminar, devoted to basic techniques of website security analysis: https://www.youtube.com/watch?v=se6Y067V4W8
