Think your network is locked down? Think again. In this episode of Cyberside Chats, we’re joined by Tom Pohl, LMG Security’s head of penetration testing, whose team routinely gains domain admin access in over 90% of their engagements. How do they do it—and more importantly, how can you stop real attackers from doing the same?
Tom shares the most common weak points his team exploits, from insecure default Active Directory settings to overlooked misconfigurations that persist in even the most mature environments. We’ll break down how features...
Think your network is locked down? Think again. In this episode of Cyberside Chats, we’re joined by Tom Pohl, LMG Security’s head of penetration testing, whose team routinely gains domain admin access in over 90% of their engagements. How do they do it—and more importantly, how can you stop real attackers from doing the same?
Tom shares the most common weak points his team exploits, from insecure default Active Directory settings to overlooked misconfigurations that persist in even the most mature environments. We’ll break down how features like SMB signing, legacy broadcast protocols, and other out-of-the-box settings designed for ease, not security, can quietly open the door for attackers—and what security leaders can do today to shut those doors for good.
Whether you're preparing for your next pentest or hardening your infrastructure against advanced threats, this is a must-watch for CISOs, IT leaders, and anyone responsible for securing Windows networks.
Takeaways:
- Eliminate Default Credentials: Regularly audit and replace default logins on network-connected devices, including UPS units, printers, cameras, and other infrastructure.
- Harden AD Certificate Services: Review certificate template permissions and AD CS configurations to block known exploitation paths that enable privilege escalation.
- Enforce SMB Signing Everywhere: Enable and enforce both client and server SMB signing via Group Policy to prevent authentication relay attacks.
- Clean Up File Shares: Scan internal shares for exposed passwords, scripts, and sensitive data, then implement role-based access control by locking down permissions and eliminating unnecessary access.
- Disable Legacy Protocols: Turn off LLMNR, NetBIOS, and similar legacy protocols to reduce the risk of spoofing and name service poisoning attacks.
References:
“Critical Windows Server 2025 DMSA Vulnerability Exposes Enterprises to Domain Compromise” (The Hacker News)
https://thehackernews.com/2025/05/critical-windows-server-2025-dmsa.html
“Russian GRU Cyber Actors Targeting Western Logistics Entities and Tech Companies” (CISA Alert)
https://www.cisa.gov/news-events/alerts/2025/05/21/russian-gru-cyber-actors-targeting-western-logistics-entities-and-tech-companies
LMG Security – Penetration Testing Services (Identify weaknesses before attackers do)
https://www.lmgsecurity.com/services/penetration-testing/
View more
