Compromising 5,000 Servers CTF-Style

In September 2022, we completed an internal security assessment for a large client in the tech industry. The scope was enormous: about 20,000 hosts spread over eight different countries. Of these 20,000 hosts, approximately 50 were Windows machines in a single domain. Our scenario assumed a stolen laptop belonging to the lowest-privileged user. This user had a standard Active Directory (AD) account with no access to the Linux infrastructure.