00:00 - Intro
01:20 - Start of nmap
03:22 - Poking at a rabbit hole (8080)
08:08 - GoBuster to find hidden directory
09:50 - Finding SQL Creds in hidden directory
13:40 - Using dbeaver to enumerate database
16:50 - Impacket-PSExec to Admin
19:00 - Proving James is not an Admin
20:35 - Using MSF to Enable Remote Desktop to do Incident Response
27:00 - Start of Remote Desktop Looking at Event Log + Active Directory
31:00 - Installing Sysmon to get better logs
36:15 - Looking at Sysmon Logs
42:20 - Proving the PrivEsc was due to Impacket-PSExec not cleaning up
48:00 - Using Forensics to get Service Creation Date
53:30 - Finding a HTB User creating a Git Issue to Impacket (LOL)
55:10 - Intended Route - Forging a Kerberos Ticket MS14-068
71:00 - Explaining why the unintended route probably got created
