01:10 - Begin of recon
03:00 - Poking at DNS - Nothing really important.
04:00 - Examining what NMAP Scripts are ran.
06:35 - Lets just try out smbclient to list shares available
07:25 - Using SMBMap to show the same thing, a great recon tool!
08:30 - Pillaging the Replication Share with SMBMap
09:20 - Discovering Groups.xml and then decrypting passwords from it
13:10 - Dumping Active Directory users from linux with Impacket GetADUsers
16:28 - Using SMBMap with our user credentials to look for more shares
18:25 - Switching to Windows to run BloodHound against the domain
26:00 - Analyzing BloodHound Output to discover Kerberostable user
27:25 - Performing Kerberoast attack from linux with Impacket GetUsersSPNs
29:00 - Cracking tgs 23 with Hashcat
30:00 - Getting root on the box via PSEXEC