Thank you ThreatLocker for sponsoring my trip to ZTW26 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link:  https://www.threatlocker.com/davidbombal

// Spencer Alessi’s SOCIAL //
YouTube:  https://www.youtube.com/@techspence
Website:  https://spenceralessi.com/adsecuritykit/
X:  https://x.com/techspence
LinkedIn:  https://www.linkedin.com/in/spenceralessi/
Swag:  https://www.etsy.com/shop/ethicalthreat/?etsrc=sdt&dd_referrer=https%3A%2F%2Fwww.youtube.com%2F

// ThreatLocker’s SOCIAL //
LinkedIn:  https://www.linkedin.com/company/threatlockerinc/posts/?feedView=all
X:  https://x.com/threatlocker
Instagram:  https://www.instagram.com/threatlocker/
Website:  https://www.threatlocker.com/

// David's SOCIAL // 
Discord: https://discord.com/invite/usKSyzb 
X: https://www.twitter.com/davidbombal 
Instagram: https://www.instagram.com/davidbombal 
LinkedIn: https://www.linkedin.com/in/davidbombal 
Facebook: https://www.facebook.com/davidbombal.co 
TikTok: http://tiktok.com/@davidbombal 
YouTube: https://www.youtube.com/@davidbombal
Spotify:  https://open.spotify.com/show/3f6k6gERfuriI96efWWLQQ
SoundCloud:  https://soundcloud.com/davidbombal
Apple Podcast:  https://podcasts.apple.com/us/podcast/david-bombal/id1466865532

// MY STUFF //
 https://www.amazon.com/shop/davidbombal 

// SPONSORS // 
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com

// MENU //
0:00 - Coming up
0:54 - Spencer Alessi introduction & background
02:20 - Pentesting demo // Active Directory
03:34 - Control paths // Finding bad permissions with ADeleg
06:04 - Finding bad permissions with NetTools
06:52 - The most common issue
08:15 - Certificate abuse
12:20 - Quick recap
12:30 - Certificate abuse continued
15:10 - Pentesting summary
15:09 - How to become a pentester
18:48 - Recommended certifications
20:54 - Advice for blue teamers
22:15 - Overcoming being an introvert // Soft skills vs tech skills
23:43 - Windows hacking in the real world
24:54 - Conclusion

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! 

Disclaimer: This video is for educational purposes only.

#microsoft #windows11 #hacker

David Bombal

A hands-on demo walkthrough of hacking Windows Active Directory in under 10 minutes using a chain of misconfigurations. Starting from a compromised low-privilege user (Susie), the attacker uses tools like Adeleig and Net Tools to find insecure ACL permissions, then Locksmith and Certify to identify and abuse Active Directory Certificate Services (ADCS) vulnerabilities (ESC4 → ESC1). By modifying a certificate template to allow subject alternative name enrollment, the attacker impersonates a domain admin, uses Rubeus to request a Kerberos ticket, and gains full domain controller access via PS Remoting. The demo also covers detection evasion, blue team remediation advice, career paths into pentesting (PNPT, CRTO certifications), and the continued prevalence of on-prem AD in enterprise environments.

Hacking Windows Active Directory in 10 minutes