# #574: Hacking Windows Active Directory in 10 minutes

- Page: https://stenobird.com/podcast/david-bombal-5315180/574-hacking-windows-active-directory-in-10-minutes
- Text version: https://stenobird.com/podcast/david-bombal-5315180/574-hacking-windows-active-directory-in-10-minutes.md
- Podcast: [David Bombal](https://stenobird.com/podcast/david-bombal-5315180)
- Published: 2026-04-14T13:24:44+00:00
- Episode link: https://soundcloud.com/davidbombal/574-hacking-windows-active
- Audio file: https://feeds.soundcloud.com/stream/2302408454-davidbombal-574-hacking-windows-active.mp3
- Processing state: not_requested
- JSON: https://stenobird.com/v1/public/podcasts/david-bombal-5315180/episodes/574-hacking-windows-active-directory-in-10-minutes
- Duration seconds: 1528

## Resource

Thank you ThreatLocker for sponsoring my trip to ZTW26 and also for sponsoring this video. To start your free trial with ThreatLocker please use the following link: https://www.threatlocker.com/davidbombal

// Spencer Alessi’s SOCIAL //

- YouTube: / @techspence
- Website: https://spenceralessi.com/adsecuritykit/
- X: https://x.com/techspence
- LinkedIn: / spenceralessi
- Swag: https://www.etsy.com/shop/ethicalthre...

// ThreatLocker’s SOCIAL //

- LinkedIn: https://www.linkedin.com/company/thre...
- X: https://x.com/threatlocker
- Instagram: / threatlocker
- Website: https://www.threatlocker.com/

// David's SOCIAL //

- Discord: discord.com/invite/usKSyzb
- Twitter: www.twitter.com/davidbombal
- Instagram: www.instagram.com/davidbombal
- LinkedIn: www.linkedin.com/in/davidbombal
- Facebook: www.facebook.com/davidbombal.co
- TikTok: tiktok.com/@davidbombal
- YouTube: / @davidbombal
- Spotify: open.spotify.com/show/3f6k6gE...
- SoundCloud: / davidbombal
- Apple Podcast: podcasts.apple.com/us/podcast...

// MY STUFF //

https://www.amazon.com/shop/davidbombal

// SPONSORS //

Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com

// MENU //

- 0:00 - Coming up
- 0:54 - Spencer Alessi introduction & background
- 02:20 - Pentesting demo // Active Directory
- 03:34 - Control paths // Finding bad permissions with ADeleg
- 06:04 - Finding bad permissions with NetTools
- 06:52 - The most common issue
- 08:15 - Certificate abuse
- 12:20 - Quick recap
- 12:30 - Certificate abuse continued
- 15:10 - Pentesting summary
- 15:09 - How to become a pentester
- 18:48 - Recommended certifications
- 20:54 - Advice for blue teamers
- 22:15 - Overcoming being an introvert // Soft skills vs tech skills
- 23:43 - Windows hacking in the real world
- 24:54 - Conclusion

Please note that links listed may be affiliate links and provide me wit…

## Actions

- request_transcript: `POST https://stenobird.com/v1/public/podcasts/david-bombal-5315180/episodes/574-hacking-windows-active-directory-in-10-minutes/transcription-requests` — Idempotently request low-priority transcript generation for this episode.
- read_markdown: `GET https://stenobird.com/podcast/david-bombal-5315180/574-hacking-windows-active-directory-in-10-minutes.md` — Read the agent-friendly Markdown representation of this episode resource.

A page view does not enqueue transcription. Agents should invoke `request_transcript` explicitly when they need this episode processed.

## Transcript

Full transcripts are not published on public pages unless there is a clear rights basis.