One of the main objectives on a red team engagement is to get access to several user accounts (lateral movement) as well as administrator accounts (privilege escalation). After getting initial access to the internal network, you can launch several attacks to harvest credentials. In this course, Credential Access with Responder, you will explore one of the most important tools for lateral movement and privilege escalation, the Responder tool - a LLMNR, NBT-NS, and MDNS poisoner developed by Laurent Gaffie. First, you will exploit vulnerabilities on the LLMNR protocol. Then, you will use NBT-NS and MDNS protocols to gather credentials of domain users. Finally, you will learn not only how to get NTLM hashes, but also how to crack them to get plain text passwords and how to use those hashes in pass-the-hash attacks. By the end of this course, you will know two important tactics from the MITRE ATT&CK framework: LLMNR/NBT-NS Poisoning and Relay (T1171) and Network Sniffing (T1040).
Accelerated Mobile Pages, or 'AMP' for short, is a project Google has been working on for a few years that makes it easier for sites to create faster mobile experiences. You've probably seen most of your favorite sites add support for AMP over the past year or two, and now you can count Android Police (your favorite site, obviously) among them!
Here goes nothing!
Our under-the-hood @AMPhtml implementation is a year in the making and as a result some of the best in the business.
Really fast and capable, matching the main site as closely as possible in both familiar looks and functionality. pic.twitter.com/S4iOdZyp9G
— Artem Russakovskii (@ArtemR) August 30, 2019
So what took us so long, you might ask? Well, we've spent an entire year working on a heavily-customized version of AMP that looks and feels almost exactly like the real site. All the design elements look the same, the comment section works (many sites forget that part!), videos and other embedded content is fully-functional, and everything is generally where you would expect. However, you can still get the speed benefit of AMP, as elements don't load until you scroll down to them. You can see a demo here.
If you find yourself on the AMP version of a page, and you want to see the original version, there's a handy link right under the article title. Most sites make it extremely difficult to get back to the original page, and even though our AMP site is basically the same as the mobile site, we threw a link in anyway. Only articles have AMP versions, not the home page, categories, tags, and so on.
The image gallery is one of the best aspects of AMP articles. It's super smooth and responsive, and you can swipe down on it at any time to close the popup.
— Artem Russakovskii (@ArtemR) August 31, 2019
Now live on https://t.co/lCN5IQmDXV!
No more waiting for the full page to load to have all the images and embeds resize to mobile sizes - the resizing is now instant and done in CSS. https://t.co/0TevBL1Ub7
— Artem Russakovskii (@ArtemR) August 6, 2019
We've also signed up for Google's 'AMP Real URL' program, so visiting the AMP page in Chrome should soon show "androidpolice.com" in the address bar instead of a Google URL (when you visit from Google Feed/News/Search/etc.). The rollout is dependent on some server-side magic, and it should happen sometime in the next few days.
The only bug you might notice is that the full-screen image gallery sometimes skips images during swiping. This is due to an issue with the official AMP gallery, not anything we've done, and Google engineers say it will take a few weeks to fix the bug.
It took a substantial amount of effort to get our AMP pages to be feature-complete with the main site, and I don't think it's a stretch to say it's one of the best implementations on the web today. If you've been waiting for this, be sure to thank our talented development team — Artem, Maciej, Sebastiaan, Stephan, and Vlad.
If you find a bug, let us know by filing an issue on GitHub or by sending a tip.