Death by a thousand cuts: How to secure Windows network protocols and frustrate your next pentester
For years internal network penetration tests have taken advantage of weak network protocols and a plethora of insecure defaults found within Windows environments.
In some cases, you might hear a pentester even say "we can basically write the report before we even test" due to the prevalence and repeatability of these attack vectors.
This sucks.
How do you know you're moving the needle?
How do you ensure that you won't be hit with the same findings year after year?
How do you know you're winning?
You can think of this talk alternatively as "10 tips pentesters don't want you to know about… you won't believe number 6!" I'll walk through the history of internal network penetration testing, what we find in almost every test, and give you actionable steps you can take to make your next pentester have a tough time.
I will focus specifically on attacks that target on-premises Active Directory, as this receives the most attention from red teamers and actual adversaries (think ransomware gangs) alike.
Does this sound aggressive? It should. As a penetration tester, it is a good thing if my job is frustrating.
That means you're winning.
I want you to win.