This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit to learn more.

Today’s episode continues part 1 of our series on the Certified Red Team Professional certification. Key points from today’s episode include:

  • It’s probably a better idea to run Bloodhound on your local machine so you don’t crush the student VM’s resources

  • Running Invoke-Command is one of my new favorite things. Check this post for a bunch of cheatsheet tips for running commands in PowerShell against other hosts.

  • Silver, gold and skeleton key attacks in AD – are they awesome? Yes? Do I see myself using those in short-term pentest enagements? Meh.

  • Wanna build a home lab to do some of these fun pentest stuff? Our buddy k3nundrum in Slack recommended we check out this. It looks awesome. And the devs of the tool have a video on it here.

  • When you’re popping shells and privs all over the place in the lab, it can be confusing to figure out which machines you have what privileges on. I like using the klist command. Or, from a mimikatz prompt, try kerberos::list /export.

Written by: Brian Johnson

Share on socials: