0:00:00.799,0:00:02.600
what's going on guys welcome back to

0:00:02.600,0:00:04.759
this video today we're doing again a try

0:00:04.759,0:00:06.600
hack me video and we're going to focus

0:00:06.600,0:00:09.400
on SEC the security engineer track so we

0:00:09.400,0:00:11.000
have reached the active directory

0:00:11.000,0:00:12.759
hardening and it's going to be the

0:00:12.759,0:00:15.519
subject of this video so there are some

0:00:15.519,0:00:16.840
discussed

0:00:16.840,0:00:19.039
methods and I say some because there are

0:00:19.039,0:00:22.199
many methods to harden and secure active

0:00:22.199,0:00:25.359
uh directory meaning uh Windows server

0:00:25.359,0:00:27.800
with active directory but here there are

0:00:27.800,0:00:29.160
some methods that are discussed we're

0:00:29.160,0:00:30.400
going to go over these methods and we're

0:00:30.400,0:00:32.200
going to answer a couple questions going

0:00:32.200,0:00:34.719
try to make this as simple as I

0:00:34.719,0:00:39.000
can and for my members I released a new

0:00:39.000,0:00:42.280
uh Note file it is under the blue team

0:00:42.280,0:00:45.640
track The Blue Team notes and the name

0:00:45.640,0:00:47.760
is Windows security we'll be finding

0:00:47.760,0:00:50.399
this in the uh Google Drive notes all

0:00:50.399,0:00:54.600
right let let get back to the room

0:00:54.600,0:00:57.520
so we have a machine to spawn we going

0:00:57.520,0:01:01.359
to click on start the machine

0:01:01.359,0:01:04.319
so basically the task two is about

0:01:04.319,0:01:08.400
Concepts on active directory so it's not

0:01:08.400,0:01:11.640
a comprehensive uh list or comprehensive

0:01:11.640,0:01:14.360
uh you know uh it doesn't contain all

0:01:14.360,0:01:16.560
everything about directory but you know

0:01:16.560,0:01:17.720
if you are going through active

0:01:17.720,0:01:19.200
directory hardening you must know what

0:01:19.200,0:01:22.040
is domain domain controller and the

0:01:22.040,0:01:23.680
definition of trees and Forest we're

0:01:23.680,0:01:25.840
going to talk about this but there is

0:01:25.840,0:01:27.400
there are two questions here one

0:01:27.400,0:01:29.640
question what is the root domain in the

0:01:29.640,0:01:33.680
tab ad machine so basically here uh

0:01:33.680,0:01:34.720
let's

0:01:34.720,0:01:37.399
see yeah the machine is

0:01:37.399,0:01:41.759
still uh starting so here we have triac

0:01:41.759,0:01:45.159
me. ioc is the root domain and Z a.

0:01:45.159,0:01:48.560
triac me is not the subdomain uh we it's

0:01:48.560,0:01:50.880
it's called the child domain so both

0:01:50.880,0:01:55.520
these domains um exists under uh the

0:01:55.520,0:01:58.880
same tree so we call this a tree because

0:01:58.880,0:02:01.759
it contains more more than one domain

0:02:01.759,0:02:03.920
now the subject of this video will be on

0:02:03.920,0:02:06.759
the securing authentication

0:02:06.759,0:02:10.038
methods and the other tasks so let's

0:02:10.038,0:02:11.720
first make sure that the machine is up

0:02:11.720,0:02:15.239
and running going click on split

0:02:20.040,0:02:24.400
view okay so going to task three so in

0:02:24.400,0:02:28.760
task three we have the land manager

0:02:28.760,0:02:31.160
hash SMB

0:02:31.160,0:02:33.560
signing ldb

0:02:33.560,0:02:36.120
signing password policies and

0:02:36.120,0:02:38.640
rotation and some suggestions on

0:02:38.640,0:02:41.920
password policies so these are settings

0:02:41.920,0:02:44.080
that you can configure on your active

0:02:44.080,0:02:46.000
directory to make sure that the

0:02:46.000,0:02:49.000
authentication process is secure meaning

0:02:49.000,0:02:50.280
uh MIT

0:02:50.280,0:02:54.000
Maxs have little to no chance to succeed

0:02:54.000,0:02:55.840
at the same time you configure strong

0:02:55.840,0:03:00.400
password policy for uh your users

0:03:00.400,0:03:02.440
simultaneously in task four here they

0:03:02.440,0:03:05.280
talk about the General

0:03:05.280,0:03:09.200
Security um Concepts here so for example

0:03:09.200,0:03:12.599
the role based access control the uh

0:03:12.599,0:03:14.480
methods of Access Control the principle

0:03:14.480,0:03:16.760
of leas privilege all of these are

0:03:16.760,0:03:19.560
General Security controls that you can

0:03:19.560,0:03:21.599
um apply to the active directory or

0:03:21.599,0:03:24.000
Windows Server active directory and here

0:03:24.000,0:03:25.080
there are two

0:03:25.080,0:03:27.959
questions so computers and printers must

0:03:27.959,0:03:30.159
be added to tier zero so here's about

0:03:30.159,0:03:33.120
tiered access model now the tiered

0:03:33.120,0:03:35.000
access model is not discussed in

0:03:35.000,0:03:38.439
computer in comp Security Plus so here

0:03:38.439,0:03:41.200
I'm preparing for you guys a note file

0:03:41.200,0:03:44.519
to prepare for comp Security Plus

0:03:44.519,0:03:48.159
so here in comp Security

0:03:48.159,0:03:50.799
Plus there are

0:03:50.799,0:03:53.599
certain models for Access Control oh my

0:03:53.599,0:03:56.959
God many things about as control as

0:03:56.959,0:04:01.400
control uh methods model

0:04:01.400,0:04:05.400
just too hard to find them

0:04:12.439,0:04:15.680
Mac okay as you can see guys in comp

0:04:15.680,0:04:18.238
Security Plus we discuss discretionary

0:04:18.238,0:04:20.320
Access Control role pce

0:04:20.320,0:04:22.639
mandatory and there is the rule based

0:04:22.639,0:04:24.639
access control as well if you scroll

0:04:24.639,0:04:27.479
down you're going to find it

0:04:27.479,0:04:30.759
maybe rule pay access control so all of

0:04:30.759,0:04:32.440
these access

0:04:32.440,0:04:36.720
controls are used depending on the

0:04:36.720,0:04:39.360
scenario or depending on organization so

0:04:39.360,0:04:42.759
tiered access model groups your

0:04:42.759,0:04:44.840
resources based on tiers for example as

0:04:44.840,0:04:47.960
you can see tier zero includes top

0:04:47.960,0:04:50.759
level uh resources such as admin

0:04:50.759,0:04:53.000
accounts domain controller and

0:04:53.000,0:04:57.320
groups so tier one applications and

0:04:57.320,0:05:01.560
servers tier two and user devices so the

0:05:01.560,0:05:04.320
higher it goes the less sensitive it

0:05:04.320,0:05:07.639
becomes so as you can see tier zero it's

0:05:07.639,0:05:10.320
the highest contains the highest

0:05:10.320,0:05:12.240
sensitive resources such as admin

0:05:12.240,0:05:14.160
accounts domain controller and groups so

0:05:14.160,0:05:16.160
here the question is computers and

0:05:16.160,0:05:19.880
printers must be added to tier zero nope

0:05:19.880,0:05:21.600
because computers and printers are end

0:05:21.600,0:05:24.240
points so we can add them to tier two

0:05:24.240,0:05:25.919
suppose a vendor arrived at your

0:05:25.919,0:05:29.680
facility for a twoe duration visit task

0:05:29.680,0:05:31.639
being a system administrator you should

0:05:31.639,0:05:34.800
create a high privileged account for him

0:05:34.800,0:05:38.160
nope because this goes to uh the role

0:05:38.160,0:05:40.960
ped access control so in role ped Access

0:05:40.960,0:05:43.800
Control we assign people

0:05:43.800,0:05:47.319
resources and permissions pays on their

0:05:47.319,0:05:50.600
uh job and additionally we apply the

0:05:50.600,0:05:53.039
principle of lease

0:05:53.039,0:05:55.319
privilege meaning the least privileged

0:05:55.319,0:05:58.520
means that if they don't need access to

0:05:58.520,0:06:00.840
a certain resource we don't grant them

0:06:00.840,0:06:03.160
that uh permission to access that

0:06:03.160,0:06:05.360
resource depending on your job

0:06:05.360,0:06:07.880
description on your need as

0:06:07.880,0:06:12.039
well okay so finally the machine

0:06:12.039,0:06:13.720
started all right so we're going to

0:06:13.720,0:06:16.560
demonstrate task three now all right so

0:06:16.560,0:06:18.080
we're going to allow this and we're

0:06:18.080,0:06:22.560
going to start with the GP

0:06:22.560,0:06:25.199
edit the group policy editor most of the

0:06:25.199,0:06:27.039
policies you configure in active

0:06:27.039,0:06:30.240
directory whether to harden sec cure or

0:06:30.240,0:06:33.720
even to set certain settings are done

0:06:33.720,0:06:36.160
via the group policy

0:06:36.160,0:06:39.319
editor so it's good practice if you uh

0:06:39.319,0:06:43.000
go over the policies here and understand

0:06:43.000,0:06:44.440
what every single one of them the

0:06:44.440,0:06:46.599
purpose of every single one of them so

0:06:46.599,0:06:47.800
the first thing we're going to do is the

0:06:47.800,0:06:50.120
Lan hash

0:06:50.120,0:06:52.120
manager so here we're going to make sure

0:06:52.120,0:06:55.960
that Windows stores the hashes for the

0:06:55.960,0:06:59.440
user's password in the ntlm not the L

0:06:59.440,0:07:02.120
the LM because the LM is relatively

0:07:02.120,0:07:04.960
weaker than the NT right and it's

0:07:04.960,0:07:06.759
vulnerable to Brute Force attacks so we

0:07:06.759,0:07:08.400
make sure that the passwords or the

0:07:08.400,0:07:10.039
hashes are

0:07:10.039,0:07:13.240
stored uh in entty so we're going what

0:07:13.240,0:07:14.400
we're going to do here we're going to go

0:07:14.400,0:07:16.319
to computer configuration as you can see

0:07:16.319,0:07:17.840
here and then we're going to go to

0:07:17.840,0:07:20.840
policies Windows settings so in Windows

0:07:20.840,0:07:23.319
settings going to expand

0:07:23.319,0:07:26.360
this the machine is too slow frustration

0:07:26.360,0:07:29.039
frustrating okay security settings can

0:07:29.039,0:07:32.080
highlight this and expand to local

0:07:32.080,0:07:34.120
policies and if we expand the local

0:07:34.120,0:07:36.919
policies we go to Security Options and

0:07:36.919,0:07:41.840
from Security Options here we have the

0:07:41.840,0:07:43.560
security policies so as you can see

0:07:43.560,0:07:47.759
there is one here that's about the uh

0:07:47.759,0:07:51.639
land manager let's see what it

0:07:54.440,0:07:58.520
is so it starts with don't store let's

0:07:58.520,0:08:01.319
see what it is

0:08:02.039,0:08:04.759
yeah this is done

0:08:04.759,0:08:07.080
properties so now secure don't store

0:08:07.080,0:08:09.479
Land manager hash value on next password

0:08:09.479,0:08:11.919
change so by default this is enabled

0:08:11.919,0:08:13.599
which is good so make sure on your end

0:08:13.599,0:08:16.560
this is enabled because you don't want

0:08:16.560,0:08:20.400
um the password to be stored as LM hash

0:08:20.400,0:08:23.080
because it's going to be susceptible to

0:08:23.080,0:08:24.520
Brute Force attacks it's going to be

0:08:24.520,0:08:26.720
easily cracked all right that's the

0:08:26.720,0:08:30.039
first thing to securing uh or that's the

0:08:30.039,0:08:31.959
first thing you can do to secure active

0:08:31.959,0:08:35.240
directory other thing is SMB signing so

0:08:35.240,0:08:38.120
SMB as you know server message block is

0:08:38.120,0:08:40.479
the protocol responsible for file and

0:08:40.479,0:08:41.880
printer sharing so if you have file

0:08:41.880,0:08:44.279
sharing printer sharing enabled this

0:08:44.279,0:08:46.399
protocol most probably is enabled so the

0:08:46.399,0:08:49.160
problem is the the communications happen

0:08:49.160,0:08:51.680
in clear text so it's vable to mitm

0:08:51.680,0:08:56.000
attack so in order to prevent this we're

0:08:56.000,0:08:57.920
going to need to configure some security

0:08:57.920,0:08:59.440
policies again we go to back back to

0:08:59.440,0:09:02.320
window settings and then to security

0:09:02.320,0:09:07.880
settings back to local policies Security

0:09:08.560,0:09:12.519
Options and we're going to look for the

0:09:12.519,0:09:14.320
digital sign digitally signed

0:09:14.320,0:09:16.760
communication let's see what it is

0:09:16.760,0:09:20.200
digitally sign secure

0:09:20.720,0:09:24.320
Channel Microsoft

0:09:24.360,0:09:27.240
network this is the one digitally sign

0:09:27.240,0:09:30.240
communication properties and is disabled

0:09:30.240,0:09:32.320
so we're going to make sure this is

0:09:32.320,0:09:35.680
enabled explain go to explain going you

0:09:35.680,0:09:37.959
can see more information about this

0:09:37.959,0:09:40.600
digitally sign Communications the

0:09:40.600,0:09:42.440
security setting determines whether

0:09:42.440,0:09:44.760
packet signing is required by the SB

0:09:44.760,0:09:46.760
client

0:09:46.760,0:09:48.920
component so you want to you want the

0:09:48.920,0:09:50.880
communications through theb to be signed

0:09:50.880,0:09:53.160
and not vulnerable to mitm so you need

0:09:53.160,0:09:57.240
to or therefore you need to enable

0:09:57.600,0:09:59.640
this all right

0:09:59.640,0:10:02.839
another thing to securing uh protocols

0:10:02.839,0:10:05.760
in active directory is the lb protocol

0:10:05.760,0:10:08.160
so lb is the main protocol directory is

0:10:08.160,0:10:10.640
based on it's the light lightweight

0:10:10.640,0:10:14.399
directory access protocol so also we

0:10:14.399,0:10:17.000
want to PR secure the communications

0:10:17.000,0:10:19.839
based on that protocol for mitm attacks

0:10:19.839,0:10:20.839
so what we're going to do we're going

0:10:20.839,0:10:23.440
need also to enable the signing of these

0:10:23.440,0:10:26.839
communications so on the same uh pain

0:10:26.839,0:10:28.680
here we're going to need to find domain

0:10:28.680,0:10:31.640
control rer section and then we're going

0:10:31.640,0:10:34.839
to look for elab Server Channel binding

0:10:34.839,0:10:38.839
tokens yeah elab server signing

0:10:42.200,0:10:44.519
requirements so modifying the setting

0:10:44.519,0:10:46.040
may affect compatibility with the

0:10:46.040,0:10:48.839
clients so here it doesn't allow me to

0:10:48.839,0:10:50.639
enable it for some reason related to

0:10:50.639,0:10:53.440
this explanation but usually this needs

0:10:53.440,0:10:55.839
to be

0:10:56.399,0:10:59.800
enabled and to the most important part

0:10:59.800,0:11:02.399
is of this video is the password

0:11:02.399,0:11:04.720
policies so password policies can be

0:11:04.720,0:11:08.519
configured from the oh we're going to go

0:11:08.519,0:11:10.639
back to security headings and we're

0:11:10.639,0:11:12.760
going to check on account policies so

0:11:12.760,0:11:14.480
account Poli there is account there is

0:11:14.480,0:11:16.399
password policy here and from here you

0:11:16.399,0:11:19.639
can configure the minimum uh and maximum

0:11:19.639,0:11:22.160
length of the password the complexity

0:11:22.160,0:11:24.240
the age so on and so forth for example

0:11:24.240,0:11:26.600
as you can see here the Min maximum age

0:11:26.600,0:11:29.680
of the pass is 42 days which means after

0:11:29.680,0:11:32.560
42 days your users will be prompted to

0:11:32.560,0:11:35.160
change their

0:11:35.160,0:11:37.279
password that's the maximum age and

0:11:37.279,0:11:39.040
that's the minimum age minimum age is

0:11:39.040,0:11:41.120
one meaning you cannot change your

0:11:41.120,0:11:44.120
password uh during the first day of the

0:11:44.120,0:11:46.399
assignment and you have minimum password

0:11:46.399,0:11:49.120
link is seven

0:11:49.560,0:11:53.079
characters so these are the uh some

0:11:53.079,0:11:54.959
settings you can see and you askk there

0:11:54.959,0:11:57.279
are some questions to answer so we

0:11:57.279,0:12:00.079
scroll down change CH the yeah what is

0:12:00.079,0:12:02.240
the default minimum password length it

0:12:02.240,0:12:04.639
was seven as you can see

0:12:04.639,0:12:08.800
here going back showing it one more time

0:12:08.800,0:12:11.760
to you guys so seven characters all

0:12:11.760,0:12:14.160
right so these are these are some

0:12:14.160,0:12:16.240
policies that you can enable to harden

0:12:16.240,0:12:19.800
your active directory or to maybe secure

0:12:19.800,0:12:22.240
the authentication so additionally there

0:12:22.240,0:12:25.720
is in Task 5 there is this nice new tool

0:12:25.720,0:12:27.560
that I haven't heard before it is a

0:12:27.560,0:12:31.240
Microsoft security compliance tool kit

0:12:31.240,0:12:33.360
so this

0:12:33.360,0:12:38.000
tool let's go to the relative folder

0:12:38.279,0:12:42.360
scripts open that

0:12:43.240,0:12:46.000
okay opening the link of the tool so if

0:12:46.000,0:12:48.399
you download this tool it will give you

0:12:48.399,0:12:50.720
recommendations and give you ready

0:12:50.720,0:12:53.240
templates so that you download them and

0:12:53.240,0:12:54.720
configure active directory if you don't

0:12:54.720,0:12:56.800
know what to what to do and what

0:12:56.800,0:12:59.279
policies to configure you can uh

0:12:59.279,0:13:02.760
download this tool and retrieve ready

0:13:02.760,0:13:05.480
templates to configure for example on

0:13:05.480,0:13:08.480
Group Policy there are already readymade

0:13:08.480,0:13:12.240
um uh configurations for example here

0:13:12.240,0:13:15.720
Windows Server 2019 security Baseline

0:13:15.720,0:13:18.560
downloaded from the tool itself

0:13:18.560,0:13:22.279
so to illustrate further in the figures

0:13:22.279,0:13:23.560
here as you can see when you run this

0:13:23.560,0:13:26.320
tool it gives you the

0:13:26.320,0:13:29.399
templates now here Windows server 22

0:13:29.399,0:13:32.920
security peline zip this is zip file and

0:13:32.920,0:13:35.399
it was downloaded to this machine and

0:13:35.399,0:13:37.480
once downloaded you can see the relative

0:13:37.480,0:13:39.880
folder if you open it and go to local

0:13:39.880,0:13:42.360
scripts you can see the partial script

0:13:42.360,0:13:46.959
that if you um run it will configure uh

0:13:46.959,0:13:50.120
the uh configurations set on this Bas

0:13:50.120,0:13:52.519
line so the P line it's actually

0:13:52.519,0:13:54.800
collection and combination of

0:13:54.800,0:13:56.839
configurations that makes sure your

0:13:56.839,0:14:00.920
Windows server is secure Bas on specific

0:14:00.920,0:14:03.880
Baseline right and you can use this as a

0:14:03.880,0:14:05.959
start if you don't know what to do

0:14:05.959,0:14:09.959
additionally there is the policy

0:14:09.959,0:14:14.120
analyzer again Guys these are uh can be

0:14:14.120,0:14:16.160
downloaded by running the tool on your

0:14:16.160,0:14:18.040
machine and then selecting the

0:14:18.040,0:14:20.040
configuration you want to download it be

0:14:20.040,0:14:21.440
downloaded in zip file and you can

0:14:21.440,0:14:23.800
extract and see it this way so policy

0:14:23.800,0:14:25.720
analyzer analyzes the group policy

0:14:25.720,0:14:30.680
settings in your environment okay

0:14:31.279,0:14:35.320
and as you can see here there are the

0:14:37.040,0:14:39.079
demonstrations so if you go back here to

0:14:39.079,0:14:41.639
policy analyzer you can see these are

0:14:41.639,0:14:44.720
the uh scripts that if you run we

0:14:44.720,0:14:47.600
configure your group policy based on the

0:14:47.600,0:14:49.800
settings let's go over one of them so if

0:14:49.800,0:14:52.720
you go back to Windows Server security

0:14:52.720,0:14:56.680
Baseline and check the

0:14:57.680,0:15:01.320
gpos so as you can see these gpos can be

0:15:01.320,0:15:03.839
directly imported to your group policy

0:15:03.839,0:15:07.839
editor based on the machine and the

0:15:09.600,0:15:13.920
user if you open this in XML

0:15:20.279,0:15:24.320
format hopefully it's going to

0:15:27.600,0:15:29.920
open

0:15:29.920,0:15:33.519
yeah see guys these are

0:15:33.519,0:15:36.519
the

0:15:37.079,0:15:39.360
configurations now the best thing to do

0:15:39.360,0:15:42.040
is to import them to your security or to

0:15:42.040,0:15:46.880
to the the uh Group Policy editor

0:15:46.880,0:15:49.759
lgpo as you can see is an executable

0:15:49.759,0:15:52.480
file all right so on the task here there

0:15:52.480,0:15:55.120
is find an open Baseline local and

0:15:55.120,0:15:58.199
install script and find the flag let's

0:15:58.199,0:15:59.720
go here and see where is that script

0:15:59.720,0:16:02.079
local script and there is Baseline local

0:16:02.079,0:16:04.680
and install let's open this and see what

0:16:04.680,0:16:06.839
it

0:16:17.959,0:16:21.199
does okay so the description says

0:16:21.199,0:16:23.040
applies a Windows security configuration

0:16:23.040,0:16:25.959
peline to a local Group

0:16:25.959,0:16:28.360
Policy execute the script with one of

0:16:28.360,0:16:30.600
the required command line switches to

0:16:30.600,0:16:33.279
install the corresponding pay

0:16:33.279,0:16:37.120
line so here you specify you execute

0:16:37.120,0:16:39.880
this either on a domain controller or in

0:16:39.880,0:16:42.600
a domain joined machine requirements

0:16:42.600,0:16:44.759
partial execution

0:16:44.759,0:16:47.040
policy domain join machine and this is

0:16:47.040,0:16:49.800
the flag so as you can see guys these

0:16:49.800,0:16:51.600
are set of configurations that will be

0:16:51.600,0:16:54.040
applied on any domain or any computer

0:16:54.040,0:16:55.279
you apply it

0:16:55.279,0:16:57.639
to and it will configure the group

0:16:57.639,0:17:00.319
policy pays on the mentioned

0:17:00.319,0:17:03.120
configurations

0:17:10.199,0:17:12.439
here

0:17:12.439,0:17:16.160
okay the other question find an open

0:17:16.160,0:17:18.319
merge policy rule

0:17:18.319,0:17:21.400
script imported from policy analyzer

0:17:21.400,0:17:24.000
impartial

0:17:26.880,0:17:31.280
editor so back back to policy

0:17:31.280,0:17:33.880
analyzer can check the scripts merge

0:17:33.880,0:17:35.960
policy let's take a look at the uh

0:17:35.960,0:17:40.360
script here what it does so merge policy

0:17:40.400,0:17:44.080
analyzer policy files what merge policy

0:17:44.080,0:17:46.440
analyzer policy rules files into one

0:17:46.440,0:17:49.120
policy rules set written into the

0:17:49.120,0:17:51.799
pipeline so one of the things that

0:17:51.799,0:17:54.200
policy analyzer does is that

0:17:54.200,0:17:57.919
it gets rid of redundant uh policies

0:17:57.919,0:18:00.000
configured in

0:18:00.000,0:18:02.400
GP and if you scroll down as you can see

0:18:02.400,0:18:04.799
this is the

0:18:06.080,0:18:08.799
flag uh other questions we have to ask

0:18:08.799,0:18:11.080
so these are the common attacks against

0:18:11.080,0:18:12.520
active director we have discussed many

0:18:12.520,0:18:14.120
rooms on active director penetration

0:18:14.120,0:18:15.799
testing we can get back to them guys and

0:18:15.799,0:18:19.320
see how uh attacks are conducted against

0:18:19.320,0:18:21.760
these kind of environments so does Cur

0:18:21.760,0:18:23.480
roasting utilize an offline attack

0:18:23.480,0:18:25.520
scheme for cracking gted passwords we

0:18:25.520,0:18:26.880
explained previously guys about C

0:18:26.880,0:18:30.440
roasting just go through this again and

0:18:30.440,0:18:32.120
the answer is yes it's offline because

0:18:32.120,0:18:34.440
at the end you you you will you take the

0:18:34.440,0:18:37.039
ticket and you crack it offline as per

0:18:37.039,0:18:39.120
the generated report how many users have

0:18:39.120,0:18:41.840
the same password as Aon Booth so for

0:18:41.840,0:18:43.600
you guys who are asking where is the

0:18:43.600,0:18:47.440
report the report is here if you go

0:18:47.440,0:18:50.919
to the image here you click on it and

0:18:50.919,0:18:52.559
see this is the

0:18:52.559,0:18:55.880
report these are the

0:18:55.880,0:18:59.600
usernames who who have the same password

0:18:59.600,0:19:02.760
as you can see Iron

0:19:02.760,0:19:04.960
Booth the number of accounts with the

0:19:04.960,0:19:07.840
same password is

0:19:08.159,0:19:11.720
186 and lastly this is cheat sheet from

0:19:11.720,0:19:16.159
tryck me you can download it to uh take

0:19:16.159,0:19:17.480
a look at more details on active

0:19:17.480,0:19:21.480
directory hardening so that was it guys

0:19:21.480,0:19:23.880
I hope you enjoyed the video and

0:19:23.880,0:19:25.520
definitely I'm going to see you later to

0:19:25.520,0:19:28.600
complete this track