This podcast is sponsored by Arctic Wolf, whose Concierge Security teams Monitor, Detect and Respond to Cyber threats 24/7 for thousands of customers around the world. Arctic Wolf. Redefining cybersecurity. Visit Arcticwolf.com/7MS to learn more.

In today’s tale of pentest pwnage I got to try some tools and tricks for the first time! Here are the key points/takeaways from this test:

• It’s great to have additional goals to achieve in a network pentest outside of just "get DA"

• PayloadsAllTheThings has a great section on Active Directory attacks

• Using mitm6 and ntlmrelayx is now my new favorite thing thanks to The Cyber Mentor’s fantastic video showing us exactly how to launch this attack!

• If you’re scared of running mitm6 and accidentally knocking folks off your network, setup your Kali box to reboot in a few minutes just to be safe. Do something like:

shutdown -r +15 "Rebooting in 15 minutes just in case I mitm6 myself right off this box!"

• When mitm6+ntlmrelay dumps out a series of html/json files with lists of users, groups, etc., read through them! Sometimes they can include treats…like user passwords in the comment fields!

• Use crackmapexec smb IP.OF.DOMAIN.CONTROLLER -u username -p password to verify if your domain creds are good!

There are a bunch of people I need to thank because their tools/encouragement/advice played a part in making the test successful:

• Cyber Mentor
• hausec
• Josh T
• Dirk-jan Mollema
• Cyberfreaq who helped me resolve a key issue with mitm6
• Dominic from Slack
• Gh0sthax from Slack
• Nate from Slack