This video walks through one of the paths to complete domain compromise I practiced for passing the OSCP. Specifically this video is going "back to the basics" and showing the tools, methods, and tactics I practiced first, before moving on to move complex ones. I'm thinking the next attack path I share will be one of the more 'advanced' flows.
Thank you for watching and I hope this helps you with your journey!

The link to setting up this lab environment is here:    • OSCP Practice Lab: How to Build an Ac...  


0:00 Intro
2:29 OpenVPN
4:40 /etc/hosts
7:39 MS01 Enumeration
21:36 MS01 Information Disclosure
26:59 MS01 Password Spraying with Hydra
29:57 MS01 Password Spraying with CrackMapExec
33:23 MS01 Initial Foothold: FTP
34:24 MS01 Hunting for an Exploitable Service
41:44 Using Shellcode
47:30 MS01 Application Exploitation
51:45 MS01 winPEAS
59:39 MS01 Priv Esc: Scheduled Task
1:13:09 Backdoor Acct and RDP Access
1:20:42 MS01 Mimikatz
1:28:35 Cracking with Hashcat
1:32:50 Pivoting with Ligolong
1:42:39 Kerberoasting
1:44:30 ASREP Roasting
1:49:55 Credential Spraying AD
1:59:57 crackmapexec
2:03:03 enum4linux
2:04:24 smbclient
2:07:42 crackmapexec for WinRM
2:08:55 crackmapexec for RDP
2:10:20 RDP Access with xfreerdp
2:12:23 MS02 Priv Esc
2:18:00 Payload Transfer to the Inside
2:23:35 MS02 Mimikatz
2:26:28 Cracking with Hashcat
2:28:46 DC01 PassTheHash with evilwinrm
2:31:46 BONUS: Port Forwarding to Transfer Payloads
2:37:29 BONUS: Port Forwarding to Catch Shells
2:43:16 BONUS: Bind Shells