The Cyber Threat Perspective Episode 156: Post-Exploitation Tactics That Still Work in 2025
Nov 7, 2025
In this conversation, Tyler Roberts, a penetration tester with expertise in post-exploitation tactics, shares the insider's view on strategies that still prevail in 2025. He and Spencer delve into the importance of credential access and the dangers of password reuse. They discuss effective techniques like Kerberoasting and the implications of misconfigurations in ADCS. Other key topics include evasion methods like DLL injection, credential theft via browsers, and current trends in data exfiltration using cloud tools. It's a must-listen for cybersecurity enthusiasts!
AI Snips
Chapters
Transcript
Episode notes
Password Reuse Between Accounts
- Tyler found a service account with a similar name to a domain admin and both reused the same weak password.
- That simple reuse granted elevated access with minimal effort.
Kerberoast Risk Persists
- Kerberoasting and weak service-account passwords remain high-value and common attack paths.
- Cracking one weak service password often unlocks broader reuse and lateral access.
Harden ADCS Certificate Templates
- Audit certificate templates and harden AD Certificate Services to prevent ESC1 misconfigurations.
- Restrict who can enroll certificates and monitor ADCS template permissions closely.