1
00:00:01,300 --> 00:00:07,310
So now we need to download and set up an ingestor. There's a few ways that we can do this.

2
00:00:07,330 --> 00:00:10,460
There is Invoke-BloodHound from PowerShell.

3
00:00:10,480 --> 00:00:16,720
There is a tool called SharpHound which is written in C# and there's actually even a Python one

4
00:00:16,720 --> 00:00:17,500
as well.

5
00:00:17,540 --> 00:00:24,610
We're just gonna use the Invoke-BloodHound PowerShell method and grab some data back from the domain

6
00:00:24,640 --> 00:00:27,820
and then we're gonna go ahead and analyze it in the next video.

7
00:00:27,820 --> 00:00:35,230
So what I want you to do is go ahead and search for Invoke-BloodHound and it should pull up a GitHub.

8
00:00:35,240 --> 00:00:37,450
Here you see data collector.

9
00:00:37,450 --> 00:00:39,350
We can do SharpHound.ps1

10
00:00:39,500 --> 00:00:41,120
or we can do.

11
00:00:41,140 --> 00:00:43,130
Let's open both of these and take a look.

12
00:00:43,240 --> 00:00:44,790
So data collector will bring you to this.

13
00:00:44,820 --> 00:00:51,180
It's just gonna give you some information about how you can use Invoke-BloodHound and what the different

14
00:00:51,180 --> 00:00:52,680
collection methods are.

15
00:00:52,710 --> 00:00:54,530
We'll cover what we're going to do with this

16
00:00:54,540 --> 00:01:00,140
here once we actually pull the data, and we're going to go ahead and just open up this SharpHound.ps1

17
00:01:00,160 --> 00:01:05,370
and call the Invoke-BloodHound function when we actually run this.

18
00:01:05,370 --> 00:01:08,850
So go ahead and grab this file.

19
00:01:08,850 --> 00:01:13,500
Take this file and put this on to your Windows 10 machine.

20
00:01:13,530 --> 00:01:19,320
OK, so you should have both the Windows 10 machines running and your Windows Server 2016 running because

21
00:01:19,320 --> 00:01:21,450
we're going to start pulling data as well.

22
00:01:21,510 --> 00:01:27,870
So go ahead and log in and then if I could type my password.

23
00:01:28,170 --> 00:01:29,250
Go ahead and log in.

24
00:01:29,250 --> 00:01:32,550
And then what we're gonna do is I'm just gonna copy this file over real quick.

25
00:01:32,610 --> 00:01:38,820
So go ahead and pause your video and meet me over once you've got your file moved over.

26
00:01:38,990 --> 00:01:41,840
OK, so now I've gotten my file moved over.

27
00:01:41,850 --> 00:01:48,720
We're gonna go ahead and run this. I'm going to run PowerShell execution policy bypass just like this

28
00:01:49,470 --> 00:01:53,770
and we're going to bring in SharpHound.

29
00:01:54,020 --> 00:01:54,350
All right.

30
00:01:54,380 --> 00:01:58,750
So now we're going to run this ingestor and it's gonna look just like this.

31
00:01:58,760 --> 00:02:02,540
You can start actually auto completing a lot of these.

32
00:02:02,690 --> 00:02:10,760
So we're going to Invoke-BloodHound and we're going to use a collection method of all like this.

33
00:02:10,880 --> 00:02:20,170
We're going to specify the domain which is marvel.local and we're going to put a zip file here.

34
00:02:20,170 --> 00:02:23,320
We're going to take a zip file and we're just gonna call it file.zip.

35
00:02:23,920 --> 00:02:28,840
And this should be and I'll give you a second to catch up and then I'm going to go ahead and hit enter

36
00:02:28,840 --> 00:02:35,290
on this and now it's collecting all the data. We've got all the data.

37
00:02:35,330 --> 00:02:38,070
Now what we need to do is go copy this data.

38
00:02:38,090 --> 00:02:42,050
So go to your Downloads folder, you should be able to copy this data.

39
00:02:42,050 --> 00:02:46,490
You might have to move it from one desktop to another and then onto the next.

40
00:02:46,490 --> 00:02:53,900
So I'm going to copy this and take this over to my Windows machine, paste it there and then I'm going to

41
00:02:53,900 --> 00:02:58,690
take that and paste it onto my machine in Kali.

42
00:02:58,700 --> 00:03:01,970
So go ahead and get this file moved over to your machine.

43
00:03:02,600 --> 00:03:08,720
And then I'll meet you over in the next video when we learn how to actually import this file and review

44
00:03:08,780 --> 00:03:09,590
the details.