
ChatGPT & Gemini in Ethical Hacking & Cyber Security | TryHackMe BadSuccessor Walkthrough

This video discusses a Microsoft Windows Active Directory vulnerability called "Bad Successor." This vulnerability can allow an attacker to escalate privileges from a domain user to a domain admin. At the time of the video's recording, Microsoft was reportedly working on a patch, but one had not yet been released. We used ChatGPT & Gemini to help interpret the output of security tools, research vulnerabilities and create reports.
Receive Cyber Security Field, Certifications Notes and Special Training Videos
https://buymeacoffee.com/notescatalog...
Writeup
https://motasem-notes.net/chatgpt-gem...
Store
https://buymeacoffee.com/notescatalog...
Patreon
  / motasemhamdan  
Instagram
  / motasem.hamdan.official  
LinkedIn
[1]:   / motasem-hamdan-7673289b  
[2]:   / motasem-eldad-ha-bb42481b2  
Twitter
  / manmotasem  
Facebook
  / motasemhamdantty  
TikTok
  / motasemhamdan0  
00:00 - Introduction to the Bad Successor Vulnerability
01:02 - How ChatGPT Can Assist in Penetration Testing
02:07 - Understanding Managed Service Account Types
03:30 - Explaining Delegated Managed Service Accounts (DMSA)
04:09 - Core Concept: Attacker Control of DMSA
05:06 - Initial Lab Setup and Connecting to Workstation
05:53 - Reviewing PowerShell Script to Identify Permissions
06:59 - Using ChatGPT to Interpret AD Permissions
09:20 - Executing the Script and Identifying Vulnerable Accounts
10:04 - Confirming Privileges and Launching Exploitation Steps
11:07 - Creating and Weaponizing a DMSA Account
12:11 - Obtaining Ticket Granting Tickets (TGT) with Rubeus
13:45 - Accessing Admin Shares via TGT
15:13 - Adjusting Command Paths and Finalizing Exploitation
16:13 - Performing Domain Admin Imperson
