Internal Pentest Starter Pack: (Vulns I see on almost every engagement) ✅Local admin password reuse ✅File shares with web configs that have plaintext pw in them ✅20 yr old service account in DA with a crackable pw ✅ EDR missing on numerous hosts (of which we have access to a few)

@techspence The Built-In Domain Administrator account with a 6 character crackable pw which is also being used by devs for remote login to things like SQL to administer. Yes, that’s a true finding

@techspence It can be also a nice Ransomware operator starter pack

@techspence Mmmm. I have none of these. I guess my work here is done. Right? Right?

@techspence ESC1 & ESC8

@techspence SQL Server with sa blank password

@techspence Was just looking for something like this! Thank you sir!

@techspence - Users allowed to register domain computers

@techspence or better, the vulns from last year present in this test

@techspence Ntlm poisoning Printer with default creds with ldap config

@techspence Our vendor says that having the same local admin password everywhere isn't a problem if the local admin account is disabled. Is this true?