![Conda](/img/default-banner.jpg)
- 62
- 1 236 928
Conda
United States
Приєднався 9 жов 2019
I post videos on how to build and break things in the cybersecurity world. Currently I'm a penetration tester and am passionate about helping others learn about and break in to this industry.
All channel artwork was done by Ben over at bennormanton.net
All channel artwork was done by Ben over at bennormanton.net
OSEP Review - What YOU Need to Know! (UPDATED EXAM)
The OSEP certification from Offensive Security is a step up from OSCP. This certification teaches more advanced penetration testing techniques as well as methods to evade anti-virus systems like Windows Defender. Completion of this course will teach you how to successfully write malware and implants to evade detection on Windows and Linux system on your penetration testing engagements.
For more information about OSEP, check out the course page and syllabus: OSEP Information: www.offensive-security.com/pen300-osep/
OSEP Syllabus: www.offensive-security.com/documentation/PEN300-Syllabus.pdf
Join my Discord server: discord.gg/9CvTtHqWCX
Follow me on Twitter: 0xConda
If you found this video helpful and would like to support future creations, please considering visiting the following links:
Buy Me a Coffee: www.buymeacoffee.com/conda
#OSEP #OffensiveSecurity #PenetrationTesting #EthicalHacking
For more information about OSEP, check out the course page and syllabus: OSEP Information: www.offensive-security.com/pen300-osep/
OSEP Syllabus: www.offensive-security.com/documentation/PEN300-Syllabus.pdf
Join my Discord server: discord.gg/9CvTtHqWCX
Follow me on Twitter: 0xConda
If you found this video helpful and would like to support future creations, please considering visiting the following links:
Buy Me a Coffee: www.buymeacoffee.com/conda
#OSEP #OffensiveSecurity #PenetrationTesting #EthicalHacking
Переглядів: 16 785
Відео
How My Password Was Stolen with Social Engineering
Переглядів 3,1 тис.2 роки тому
Here's one social engineering example where I was social engineered into giving away a password and it was extremely embarrassing. Social engineering is a very effective hacking technique where attackers trick people into giving up sensitive information, such as a password. This is one example of a social engineering technique, and it worked! Join my Discord server: discord.gg/9CvTtHqWCX Follow...
Thank You for 10,000!
Переглядів 7312 роки тому
Thank you for helping me reach such an amazing milestone! Join my new Discord server: discord.gg/9CvTtHqWCX Follow me on Twitter for updates: 0xConda If you found this video helpful and would like to support future creations, please considering visiting the following links: Patreon: www.patreon.com/conda Buy Me a Coffee: www.buymeacoffee.com/conda Merchandise: conda.creator-spring.com/
Attacking Active Directory - GPP Credentials
Переглядів 9 тис.2 роки тому
Group Policy Preferences / GPP can be used to set passwords for local accounts in an active directory environment, among other things. These passwords are stored in a way that any user or machine can retrieve them and decrypt them, resulting in privilege escalation or lateral movement for an attacker. This method is extremely useful for pentesting active directory environments and real world pe...
How to Install Metasploit on Ubuntu Linux
Переглядів 19 тис.2 роки тому
Many people associate Metasploit with being installed on Kali Linux, but in fact it is easy to install on other Linux distributions as well. This video shows the process of installing Metasploit on an Ubuntu machine. Metasploit apt dependencies: ruby ruby-dev build-essential zlib1g zlib1g-dev libpq-dev libpcap-dev libsqlite3-dev Metasploit GitHub repo: github.com/rapid7/metasploit-framework Joi...
How to Reset Forgotten Password on Kali Linux
Переглядів 306 тис.2 роки тому
If you have forgotten the root password to your Kali Linux machine, you may be locked out and not able to log in. This video shows how to reset the Kali Linux root password from the login screen. The same method should also work on similar Linux distributions such as Debian and Ubuntu. Join my Discord server: discord.gg/9CvTtHqWCX Follow me on Twitter: 0xConda If you found this vide...
Certified Red Team Professional (CRTP) Review
Переглядів 13 тис.2 роки тому
If you are interested in learning about pentesting Active Directory environments, then the Attacking and Defending Active Directory course from Pentester Academy is a great place to start. This course covers a variety of penetration testing topics at an affordable price. Successful completion of this course will make you a Certified Red Team Professional, or CRTP. This is a great cybersecurity ...
FREE Hacking Lab - Entry Level Pentesting
Переглядів 7 тис.2 роки тому
I created this cybersecurity lab, Entry Level Pentesting, to offer free cybersecurity training. This lab simulates a penetration testing assessment that starts external, and should end with total control of all external and internal system. There is a mix of Linux and Windows machines, along with an Active Directory environment. Join my Discord server: discord.gg/9CvTtHqWCX Follow me on Twitter...
Snap Labs - EASILY Build Cybersecurity Labs
Переглядів 4,5 тис.2 роки тому
Snap Labs enables people to easily build and share cybersecurity labs. All labs are cloud hosted on Amazon Web Services (AWS) and can be made public for people to use. This software makes home labs / cybersecurity labs very simple to get started with. Their community edition is completely free to use, minus to costs to host on your AWS account. Join my Discord server: discord.gg/9CvTtHqWCX Foll...
How To Setup MFA for Linux Login (SSH, Console, Sudo)
Переглядів 12 тис.2 роки тому
This videos shows how to set up multi factor authentication (MFA / 2FA) for Linux device login using Google Authenticator. MFA is configured for three separate use cases including SSH MFA, local console MFA, and local console MFA with sudo MFA. Join my Discord server: discord.gg/9CvTtHqWCX Follow me on Twitter: 0xConda If you found this video helpful and would like to support future...
Pentesting - Do I Need To Know How To Code?
Переглядів 3,7 тис.2 роки тому
I often hear this question being asked: Do I need to know coding / programming to be a penetration tester? While you may not need the same skills as a software developer, having some coding skill can be very useful for a career in pentesting Join my Discord server: discord.gg/9CvTtHqWCX Follow me on Twitter: 0xConda If you found this video helpful and would like to support future cr...
How I Became a Penetration Tester At 21
Переглядів 22 тис.3 роки тому
Some people may be wondering... "How can I become a pentester?". In this video, I discuss how I learned about computer science and cybersecurity from the ground up. This ultimately lead to me becoming a penetration tester after I graduated college. Hopefully my story will help you if you are looking to go on a similar career journey. Join my Discord server: discord.gg/9CvTtHqWCX Follow me on Tw...
Windows Privilege Escalation - AlwaysInstallElevated
Переглядів 7 тис.3 роки тому
There are many different ways that local privilege escalation can be done on a Windows system. This video goes over priv esc in the case where the AlwaysInstallElevated setting is enabled for the current user. This setting allows a user to run any .msi file and NT AUTHORITY\SYSTEM. An attacker can exploit this by crafting a malicious .msi installer file and running it with system level privileg...
Linux Privilege Escalation: Sudo + LD_PRELOAD
Переглядів 9 тис.3 роки тому
Linux Privilege Escalation: Sudo LD_PRELOAD
Attacking Active Directory - Kerberoasting
Переглядів 37 тис.3 роки тому
Attacking Active Directory - Kerberoasting
How to Use X11 Forwarding on Windows or Linux
Переглядів 80 тис.3 роки тому
How to Use X11 Forwarding on Windows or Linux
Windows Privilege Escalation - SeBackupPrivilege
Переглядів 7 тис.3 роки тому
Windows Privilege Escalation - SeBackupPrivilege
Linux Privilege Escalation - LXD Group
Переглядів 7 тис.3 роки тому
Linux Privilege Escalation - LXD Group
Asciinema - How to Record Linux Terminal Sessions
Переглядів 4,7 тис.3 роки тому
Asciinema - How to Record Linux Terminal Sessions
Linux Privilege Escalation - Docker Group
Переглядів 10 тис.3 роки тому
Linux Privilege Escalation - Docker Group
Windows Privilege Escalation - Unquoted Service Path
Переглядів 14 тис.3 роки тому
Windows Privilege Escalation - Unquoted Service Path
How to Join a Linux Machine to Active Directory (Ubuntu 20.04)
Переглядів 78 тис.3 роки тому
How to Join a Linux Machine to Active Directory (Ubuntu 20.04)
Windows Privilege Escalation - Writable Service Executable
Переглядів 10 тис.3 роки тому
Windows Privilege Escalation - Writable Service Executable
OSCP - Windows Privilege Escalation Methodology
Переглядів 26 тис.3 роки тому
OSCP - Windows Privilege Escalation Methodology
OSCP - Linux Privilege Escalation Methodology
Переглядів 45 тис.3 роки тому
OSCP - Linux Privilege Escalation Methodology
Attacking Active Directory - Bloodhound
Переглядів 53 тис.3 роки тому
Attacking Active Directory - Bloodhound
Attacking Active Directory - AS-REP Roasting
Переглядів 16 тис.3 роки тому
Attacking Active Directory - AS-REP Roasting
How to Setup a Virtual Windows Active Directory Domain
Переглядів 23 тис.3 роки тому
How to Setup a Virtual Windows Active Directory Domain
Perfect! Thank you for respecting my time.
Thank you
I must be missing something, this works until I reboot, then the resolv.conf gets truncated and breaks DNS. Only way I've been able to fix is to enable/start systemd-resolved.service, edit the resolv.conf again, then stop/disable. Which will work until I reboot again.
one of the most useful videos of all time !!!!!!! awesome !!!!!
bro you saved my life :)
You have just saved me a bunch of time and hassle, thanks man. Keep up the good work.
Congrats ! I just finished my OSCP now i feel empty
i cant type inside the terminal
Thanks man saved my ass
bro just gives me unlimited power
i'm using ssh to connect to my linux server - in the same network - and i'm using the public key method - only my key can connect to the server and only from my computer . I have linux mint distro made every step you said 1 by 1 and still - i'm not getting prompt for google authentication when trying to log in with ssh and now i cannot access the server with xrdp - and the only MFA authentication i get is when i'm trying to log to the server directly ( not via remote service ) you should add a tutorial - how to reverse the installation and the configuration - cause apperantly - sudo apt purge libpam-google-authenticatior doesn't do anything except deleting the package files
Loved it MAAAN... <3
Thanks man. Appreciate
I have VMWorkstation17 installed. I went through the whole process, then after typing in the new password (twice) , I went to the || icon and selected restart guest. Is this different to a version I don't have? It looks slightly different from your page. Are you on VMWorkstation17 Pro? The only option I see is Restart Guest in terms of rebooting. Let me know if there is anything I could do differently. Thank you.
thanks a lot
"passwd: Authentication token manipulation error" someone help me?
IS the opposite also possible. Say host is Linux and remote is Windows. Can we do X11 forward from Windows to LInux host?
Thanks it worked
Great explanation. Try Hack Me didn't have a very good explanation, but your explanation was crystal clear. Definitely subbing.
Thank you
what is the password i should use in 1:50?
very useful thanks .
your so useless
i agree
me too
I've watched this whole Playlist and it has helped me understand so much, thank you Conda.
why you didnt do last part in terminal? we dont have access to the rdp. this part wasnt good actually. I know how to do that but many people dont and come here to leran mate. I wish you did last part in terminal too. thanks
You are awesome, thank you. This helped me so much with understanding some material for Pentest+.
I wish you could add the coresponding commands and tools for each one, then the video would be the best one in UA-cam. you kknow because I think the matter is explaining the bullet points and the main thing in short time than making long video or course with lots of unusefull information. it is exactly you did, short but effective. if you just put the reletive commands for each in updated video would be nice, then I have a strong reason to buy you a coffee :-). thanks mate
You are really saved my life.i got an headache for 4 hours because of this shit
Thank you so much bro
snap labs is shit. I registered and then it would not let me login. trash.
i cant type = and / on my gnu grub :(
Dude you are a f.... genius thank you
LIFE SAVER!!! LEARNED SO MUCH. I'm actually glad I forgot my password(very irresponsible of me).
thanks! doesnt work!
what is the control button
Whoa! But...doesn't this mean that anyone with access to the machine can just change root passwords? Seems like it should not be this easy. How do I defend against this? Also, thank you for an amazing video! Saved my a$$, but I expected a lot more pushback from the OS.
thanks bro
I can't think of a single service that allows a standard user the permission modify the executable file.
I've seen this many times in real life engagements and bug bounty programs. You'd be surprised.
When I run the command it goes back to the log in page 😔
thank you for detail explanation help to solve Vulnhub machine
So in the report you can't just put pictures with comments you also have to put the output of the programs in text maybe have more writing than screenshots. If I understood correct.
It's been a few years since I did the OSCP now, so the official requirements may have changed. The idea of including all of the commands in text blocks was so that the person reviewing your report could easily copy and paste commands instead of having to type them all out. Same with script modifications.
🎉
10/10 using Lubuntu in virtualbox
ty man for helping my friend get his passwd back now he can go on and forget it again :)
Can Nuclei basically do the same exact thing?
Nuclei isn't really meant for brute forcing in this way. In modern times I'd recommend ffuf for this.
@@c0nd4Cool. Thanks for the info
If ubuntu linux client finds windows server and dns, but domain not found. What could be the reason? You can try telnet connet to 53 port and it works. I try to understand more.
Maybe it is that you have to edit resolv.conf? It won't work with out it?
How tf can i reboot if it's dual boot🙂
Like normally you do Restart from the other operating system..and then do the steps
Thank you, brother!
it didn't work for me
big thanks