
The Cyber Threat Perspective Episode 156: Post-Exploitation Tactics That Still Work in 2025
Nov 7, 2025
In this conversation, Tyler Roberts, a penetration tester with expertise in post-exploitation tactics, shares the insider's view on strategies that still prevail in 2025. He and Spencer delve into the importance of credential access and the dangers of password reuse. They discuss effective techniques like Kerberoasting and the implications of misconfigurations in ADCS. Other key topics include evasion methods like DLL injection, credential theft via browsers, and current trends in data exfiltration using cloud tools. It's a must-listen for cybersecurity enthusiasts!
AI Snips
Hunt File Shares For Credentials
- Search file shares, SharePoint, and document repositories for credential files and service-account notes.
- Remove temporary backups and sensitive docs from shared locations immediately.
Stop Storing Plaintext Passwords
- Avoid storing plaintext credentials or step-by-step access instructions on shared drives.
- Use secure vaults and rotate service-account passwords to prevent easy reuse attacks.
Domain Backup Left On Share
- Spencer found a readable VMDK of a domain controller on an open file share and extracted ntds.dit.
- He cracked ~20% of thousands of domain passwords from that backup file left by an admin.
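
The share audit these snips recommend can be scripted from the defender's side. The sketch below is an added example, not something from the episode: it walks a mounted share and flags disk images and backups, copies of `ntds.dit`, credential-like filenames, and text files containing a plaintext password line. The extension lists, regexes, size limit and the names `audit_share` and `demo` are assumptions for illustration.

```python
import os
import re
import tempfile

# Heuristics below are assumptions for illustration; tune them per environment.
BACKUP_EXTS = {".vmdk", ".vhd", ".vhdx", ".bak"}   # disk images and backups
NAME_HINT = re.compile(r"passw|cred|secret", re.I)  # credential-like file names
TEXT_EXTS = {".txt", ".csv", ".ini", ".md", ".ps1", ".bat", ".config", ".xml"}
SECRET_LINE = re.compile(r"(password|passwd|pwd)\s*[:=]\s*\S+", re.I)
MAX_TEXT_BYTES = 1_000_000                          # skip content scan above this

def audit_share(root):
    """Return sorted (relative_path, reason) findings; secret values are never echoed."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            if name.lower() == "ntds.dit":
                findings.append((rel, "AD database copy"))
            elif ext in BACKUP_EXTS:
                findings.append((rel, "disk image or backup"))
            elif NAME_HINT.search(name):
                findings.append((rel, "credential-like filename"))
            try:
                if ext not in TEXT_EXTS or os.path.getsize(path) > MAX_TEXT_BYTES:
                    continue
                with open(path, "r", errors="ignore") as fh:
                    hit = next((n for n, ln in enumerate(fh, 1) if SECRET_LINE.search(ln)), None)
            except OSError:
                continue  # unreadable file: no content finding
            if hit:
                findings.append((rel, f"plaintext password on line {hit}"))
    return sorted(findings)

def demo():
    """Audit a constructed sample share built in a temporary directory."""
    samples = {  # constructed files, not real data
        "IT/backups/DC01.vmdk": "placeholder bytes, not a real disk",
        "IT/svc-account-notes.txt": "svc_sql\npassword: EXAMPLE-ONLY\n",
        "IT/readme.txt": "Nothing sensitive here.\n",
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "IT", "backups"))
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(body)
        return audit_share(root)
```

Findings carry only the path and line number, so the report itself does not become another place where passwords are stored.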
