This a is a video walk-through of TryHackMe's Block. If you prefer a written walk-through, you can find it here: https://readysetexploit.gitlab.io/home/forensics/block/
Buy Me A Coffee :)
https://www.buymeacoffee.com/hadrian3689
0:00 Intro
1:00 Extracting and examining files
1:55 Examining the Wireshark traffic
3:25 Reading the blog post that inspired the challenge
5:25 Using Docker to build Pypykatz
8:25 Extracting the hashes with Pypykatz
9:45 Only one hash cracks with Hashcat
10:30 Showing how to decrypt SMB with just a password
11:25 Extracting first decrypted file
12:15 Reviewing script for SMB decryption
13:20 Using Docker to build Python2 environment
15:50 Forgot to copy script rebuilding environment
16:45 Getting values for decryption script
19:45 Getting decrypt session key
21:00 Getting session ID
22:48 Entering values for SMB decryption
23:50 Extracting second decrypted file
