In this presentation, we’ll explore the strange and unexpected methods I’ve used to gain Domain Administrator access during penetration tests over the years. From the simplest overlooked misconfigurations to more intricate attack paths, this session will walk you through real-world scenarios that highlight both well-known and obscure tactics with hopefully a few laughs along the way.
Importance: "Drawing from real-world experiences, this talk offers practical insights into creative attack paths that offensive security professionals might miss." - Nicholas Anastasi
Nicholas Anastasi started his career in cybersecurity at Sprocket Security and hasn’t looked back. Continuous Penetration Testing is all he knows, and in his day-to-day work, he leads the penetration testing team, writes a ton of Python, and works tirelessly to improve the CPT process. In his free time, Nicholas enjoys running and eating too much candy.
CypherCon is an annual, community-driven cybersecurity and hacker conference that brings together over 2500 technologists, hackers, security enthusiasts, and privacy professionals to share knowledge and foster collaboration on emerging threats, techniques, and best practices. Held in Milwaukee as part of "InfoSec Spring Break" with BSidesMKE , it emphasizes hands-on activities, engaging talks, and networking to cultivate a culture of curiosity, exploration, and ethical hacking. CypherCon also happens to be the largest technology conference in Wisconsin. https://cyphercon.com
EXECUTIVE PRODUCER & SHOW ORGANIZER: Michael Goetzman
VIDEO & SOUND PRODUCTION COMPANY: Flash Fire Productions
ADDITIONAL EDITING: Matt Davis
Copyright © 2025 by Michael Goetzman (Monster) & CypherCo
