A pentester navigated from basic internal network access to achieving full Domain Controller (DC) compromise and ultimately SCADA system control, revealing vulnerabilities that could have led to a hazardous chlorine release into a city's water supply. Episode 5 of The Security Engineering Show offers invaluable insights into modern offensive security and real-world breaches.

This is the show for security engineers, by security engineers.

Featuring

Noah Stanford: CEO at 0pass

Finn Foulds-Cook: Senior Penetration Tester at Volkis

00:00 - Intro

1:40 - The Engagement

4:45 - Windows Exploitation and Tooling

6:55 - ADCS, Coerced Auth, and Certs!

11:10 - Domain Controller Takeover

13:20 - Abusing DC Sync and EDR

15:55 - From DA to Azure

18:00 - Disabling your fancy EDR

19:30 - Escalating to Azure Global Admin

21:10 - Everything hacked, now what?

22:03 - Enumerating SCADA

24:31 - From SCADA to DEATH

27:44 - How do we fix all of this?

30:01 - Important security insights

31:47 - Message to Security / IT teams

33:36 - Outro