Think your network is locked down? Think again. In this episode of Cyberside Chats, we’re joined by Tom Pohl, LMG Security’s head of penetration testing, whose team routinely gains domain admin access in over 90% of their engagements. How do they do it—and more importantly, how can you stop real attackers from doing the same?
Tom shares the most common weak points his team exploits, from insecure default Active Directory settings to overlooked misconfigurations that persist in even the most mature environments. We’ll break down how features like SMB signing, legacy broadcast protocols, and other out-of-the-box settings designed for ease, not security, can quietly open the door for attackers—and what security leaders can do today to shut those doors for good.
Whether you're preparing for your next pentest or hardening your infrastructure against advanced threats, this is a must-watch for CISOs, IT leaders, and anyone responsible for securing Windows networks.
Takeaways:
- Eliminate Default Credentials: Regularly audit and replace default logins on network-connected devices, including UPS units, printers, cameras, and other infrastructure.
- Harden AD Certificate Services: Review certificate template permissions and AD CS configurations to block known exploitation paths that enable privilege escalation.
- Enforce SMB Signing Everywhere: Enable and enforce both client and server SMB signing via Group Policy to prevent authentication relay attacks.
- Clean Up File Shares: Scan internal shares for exposed passwords, scripts, and sensitive data, then implement role-based access control by locking down permissions and eliminating unnecessary access.
- Disable Legacy Protocols: Turn off LLMNR, NetBIOS, and similar legacy protocols to reduce the risk of spoofing and name service poisoning attacks.
References:
“Critical Windows Server 2025 DMSA Vulnerability Exposes Enterprises to Domain Compromise” (The Hacker News)
https://thehackernews.com/2025/05/critical-windows-server-2025-dmsa.html
“Russian GRU Cyber Actors Targeting Western Logistics Entities and Tech Companies” (CISA Alert)
LMG Security – Penetration Testing Services (Identify weaknesses before attackers do)
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Cardiac Cowboys
The heart was always off-limits to surgeons. Cutting into it spelled instant death for the patient. That is, until a ragtag group of doctors scattered across the Midwest and Texas decided to throw out the rule book. Working in makeshift laboratories and home garages, using medical devices made from scavenged machine parts and beer tubes, these men and women invented the field of open heart surgery. Odds are, someone you know is alive because of them. So why has history left them behind? Presented by Chris Pine, CARDIAC COWBOYS tells the gripping true story behind the birth of heart surgery, and the young, Greatest Generation doctors who made it happen. For years, they competed and feuded, racing to be the first, the best, and the most prolific. Some appeared on the cover of Time Magazine, operated on kings and advised presidents. Others ended up disgraced, penniless, and convicted of felonies. Together, they ignited a revolution in medicine, and changed the world.
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.