Today your pal and mine Joe “The Machine” Skeen pwn one of the two Ninja Hacker Academy domains! This pwnage included:

• Swiping service tickets in the name of high-priv users
• Dumping secrets from wmorkstations
• Disabling AV
• Extracting hashes of gMSA accounts

We didn’t get the second domain pwned, and so I was originally thinking about doing a part 5 in November, but changed my mind. Going forward, I’m thinking about doing longer, all-in-one hacking livestreams where we cover things like NHA from start to finish. My first thought would be to do one long livestream where we complete NHA start to finish. Would you be interested? Let me know at 7MinSec.club, as I’m thinking this could be an interesting piece of bonus content.

In today’s episode:

• I got a new podcast doodad
• I really like JitBit as a security ticketing system (not a sponsor)
• The Threat Hunting with Velociraptor 2-day training was great. Highly recommend. I got inspired to take this class after watching the 1-hour primer here.

Today’s tale of pentest pwnage involves:

• Using mssqlkaren to dump sensitive goodies out of SCCM
• Using a specific fork of bloodhound to find machines I could force password resets on (warning: don’t do this in prod…read this!)

Don’t forget to check out our weekly Tuesday TOOLSday – live every Tuesday at 10 a.m. over at 7MinSec.club!