Getting DA is awesome for any pentester, but what next? To provide the most value to customers, take a look at five things to always do after getting DA.

InfoSecWriteUps' platform is  dedicated to providing insights and resources for cybersecurity professionals and enthusiasts. Through articles, tutorials, and security research, InfoSecWriteUps offers insights into cybersecurity vulnerabilities, attack techniques, and defense strategies. Readers can learn about penetration testing, threat intelligence, and incident response to enhance their cybersecurity knowledge and skills.

InfoSec Write-ups

After achieving Domain Admin (DA) access during a penetration test, the real work begins. Five key post-DA actions are outlined: dumping NTDS.dit password hashes (using secretsdump or Evil-WinRM as a fallback), using BloodHound to enumerate attack paths and misconfigurations, adding test user accounts to validate detection capabilities, creating Golden Tickets using the krbtgt hash for stealthy persistence (with guidance on the required double password reset for remediation), and enumerating network shares to surface sensitive data like PII or credentials. The emphasis is on translating technical findings into business-impact evidence that clients can act on.

Domain Admin… and Beyond