00:00 - Intro
01:00 - Start of nmap
03:50 - Enumerating the file server
06:30 - Cracking the zip file with John
08:40 - Cracking the pfx file (PKCS12) with John
10:27 - Extracting the certificate and key from the pfx file
11:24 - Using evil-winrm to login with the certificate
14:40 - Checking the PSReadline file and getting another credential
16:05 - Logging in with svc_deploy, failing to run bloodhound
21:00 - Running net user discovering we are in LAPS Group
23:00 - Running get-adcomputer to get the LAPS Password
27:00 - Showing a python script to extract LAPS Passwords
Support the originator by clicking the read the rest link below.
