Heist Box Walkthrough

Welcome to Sid's walkthrough of a Proving Grounds called Heist! OffSec Live sessions are held on Fridays, anyone is free to join:   / offsecofficial   We do demonstrations and walkthroughs of course Modules and Proving Grounds machines. Additionally, sessions offer career guidance, including how to build a resume, how to break into #cybersecurity, and interview tips. Time stamps: 00:00:00 - Intro 00:10:00 - Initial Scan with Nmap and Metasploit 00:22:00 - Web Server Enumeration 00:28:00 - Responder and Net-NTLM Hash 00:45:00 - Dynamic HTTPS Meterpreter payload 00:50:00 - Active Directory Enumeration and WinPeas Module 01:08:00 - Bloodhound and Group Policies 01:17:00 - Lateral account movement to svc_apache 01:37:00 - Private Esc- Exploiting SeRestore and Windows Accessibility 02:03:00 - Conclusion