Pentest Story Time

My Favorite Hacks From the Past Year

Speaker

Heath Adams (aka The Cyber Mentor) is the CEO and founder of TCM Security. Outside of TCM Security, he is an online cybersecurity instructor on platforms such as Udemy, YouTube, and Twitch, teaching his students penetration testing methods and tactics. Heath is also a military veteran, having served in the US Army Reserves, and helped co-found VetSec, a 501(c)(3) dedicated to military members in cybersecurity. When Heath is not at work, he enjoys spending time with his wife, Amber, and their five animal “children.” He is an avid runner, musician, trivia nerd, and sports fan.

Abstract

This talk covers a few of my favorite stories from the past year and will demonstrate different ways that I managed to “own” an organization during a pentest engagement. Stories include:

No MFA? Thanks! - This story discusses how I obtained domain admin access as an external attacker, teaching some key lessons along the way.

IPv6 FTW! - This story discusses how IPv6 can be abused in internal networks and easily allow for complete domain compromise.

You Spent How Much on Security? - This story discusses how I obtained domain controller access on an organization that was doing almost everything right and spending a lot of money to do so.

Digging Deep - This story discusses how I managed to take down an internal network when no apparent exploit existed.

Video