7MS #716: Tales of Pentest Pwnage – Part 83

Today is my favorite pentest pwnage tale of 2026 – and maybe ever! It centers around an ADCS abuse via an attack path I’d never seen before. Tips include:

Use Netexec to pull Powershell history
Trying to steal reg hives and the EDR is made? Try copying them out to \\some-other-server.domain.com\share
This post featured interesting use of the Responder -N option

Tags: pentesting

Written by: Brian Johnson

Share on socials:

podcast

7MS #717: I Gave Up My Wife’s PHI (And I’d Do It Again)
Continue reading
podcast

7MS #716: Tales of Pentest Pwnage – Part 83
Continue reading
podcast

7MS #715: Tales of Pentest Pwnage – Part 82
Continue reading

7MS #716: Tales of Pentest Pwnage – Part 83

Recent Posts:

7MS #717: I Gave Up My Wife’s PHI (And I’d Do It Again)

7MS #716: Tales of Pentest Pwnage – Part 83

7MS #715: Tales of Pentest Pwnage – Part 82

About Us

Services

Resources