Cyberside Chats: Live! How Hackers Get In: Penetration Testing Secrets from the Front Lines

Think your network is locked down? Think again. In this episode of Cyberside Chats, we’re joined by Tom Pohl, LMG Security’s head of penetration testing, whose team routinely gains domain admin access in over 90% of their engagements. How do they do it—and more importantly, how can you stop real attackers from doing the same?
Tom shares the most common weak points his team exploits, from insecure default Active Directory settings to overlooked misconfigurations that persist in even the most mature environments. We’ll break down how out-of-the-box settings designed for ease rather than security, such as SMB signing that is enabled but not required and legacy broadcast name-resolution protocols (in Windows networks, typically LLMNR and NBT-NS), can quietly open the door for attackers, and what security leaders can do today to shut those doors for good.
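The settings mentioned above can be checked on a Windows host in a few lines. The following PowerShell script is an added example written for this page, not code from the episode or from LMG Security. It assumes an elevated PowerShell session on Windows 8 / Server 2012 or later (so the SMB cmdlets exist), audits only the local machine, and prints a remediation command for each finding rather than changing anything itself.

```powershell
# Added example: audit the "ease, not security" defaults the episode calls out.
# Assumes an elevated session on Windows 8 / Server 2012 or newer. Read-only.
function Get-LegacyProtocolExposure {
    [CmdletBinding()]
    param()

    $findings = @()

    # 1. SMB signing. EnableSecuritySignature only means "sign if the peer asks";
    #    a relaying attacker will not ask. Only RequireSecuritySignature closes this.
    $srv = Get-SmbServerConfiguration
    $cli = Get-SmbClientConfiguration
    if (-not $srv.RequireSecuritySignature) {
        $findings += [pscustomobject]@{
            Check  = 'SMB server signing'
            Status = 'Enabled but not required'
            Fix    = 'Set-SmbServerConfiguration -RequireSecuritySignature $true -Force'
        }
    }
    if (-not $cli.RequireSecuritySignature) {
        $findings += [pscustomobject]@{
            Check  = 'SMB client signing'
            Status = 'Enabled but not required'
            Fix    = 'Set-SmbClientConfiguration -RequireSecuritySignature $true -Force'
        }
    }

    # 2. LLMNR. It is off only when the policy value EnableMulticast is 0;
    #    a missing value means the default (on).
    $dnsPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
    $llmnr = (Get-ItemProperty -Path $dnsPolicy -Name EnableMulticast -ErrorAction SilentlyContinue).EnableMulticast
    if ($llmnr -ne 0) {
        $findings += [pscustomobject]@{
            Check  = 'LLMNR'
            Status = 'Enabled (default)'
            Fix    = "New-Item -Path '$dnsPolicy' -Force | Out-Null; Set-ItemProperty -Path '$dnsPolicy' -Name EnableMulticast -Value 0 -Type DWord"
        }
    }

    # 3. NetBIOS over TCP/IP (NBT-NS), per adapter.
    #    TcpipNetbiosOptions: 0 = take DHCP setting (usually on), 1 = on, 2 = off.
    $nics = Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'
    foreach ($nic in $nics) {
        if ($nic.TcpipNetbiosOptions -ne 2) {
            $findings += [pscustomobject]@{
                Check  = "NetBIOS over TCP/IP ($($nic.Description))"
                Status = "Option $($nic.TcpipNetbiosOptions) (not disabled)"
                Fix    = "Invoke-CimMethod -InputObject (Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'Index = $($nic.Index)') -MethodName SetTcpipNetbios -Arguments @{ TcpipNetbiosOptions = 2 }"
            }
        }
    }

    return $findings
}

$results = @(Get-LegacyProtocolExposure)
if ($results.Count -eq 0) {
    Write-Output 'No exposed defaults found: SMB signing required, LLMNR and NBT-NS disabled.'
} else {
    $results | Format-Table -AutoSize -Wrap
}
```

The printed fixes are per-host; at domain scale the same three changes are the Group Policy settings "Microsoft network server: Digitally sign communications (always)", "Microsoft network client: Digitally sign communications (always)", and "Turn off multicast name resolution", plus disabling NetBIOS over TCP/IP in the DHCP scope options. Before requiring signing everywhere, check for legacy SMB clients and appliances that cannot sign, since they will stop connecting rather than fall back.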
Whether you’re preparing for your next pentest or hardening your infrastructure against advanced threats, this is a must-watch for CISOs, IT leaders, and anyone responsible for securing Windows networks.
Takeaways include:
- The most common footholds and privilege escalation paths seen in the wild
- Actionable fixes to close security gaps before attackers exploit them
- How to get more value out of your pentest by remediating the right issues
Speakers
Sherri Davidoff, Founder, LMG Security
Sherri Davidoff is the Founder of LMG Security and the author of three books, including “Ransomware and Cyber Extortion” and “Data Breaches: Crisis and Opportunity.” As a recognized expert in cybersecurity, she has been called a “security badass” by the New York Times. Sherri is a regular instructor at the renowned Black Hat trainings and a faculty member at the Pacific Coast Banking School. She is also the co-author of Network Forensics: Tracking Hackers Through Cyberspace (Prentice Hall, 2012), and has been featured as the protagonist in the book, Breaking and Entering: The Extraordinary Story of a Hacker Called “Alien.” Sherri is a GIAC-certified forensic examiner (GCFA) and penetration tester (GPEN) and received her degree in Computer Science and Electrical Engineering from MIT.
Matt Durrin, Director of Training and Research, LMG Security
Matt Durrin is the Director of Training and Research at LMG Security and a Senior Consultant with the organization. He is an instructor at the international Black Hat USA conference, where he has taught classes on ransomware and data breaches. Matt has conducted cybersecurity seminars, tabletop exercises and classes for thousands of attendees in all sectors, including banking, retail, healthcare, government, and more. He is also the co-author of a new book, Ransomware and Cyber Extortion: Response and Prevention. A seasoned cybersecurity and IT professional, Matt specializes in ransomware response and research, as well as deployment of proactive cybersecurity solutions. Matt holds a bachelor’s degree in computer science from the University of Montana, and his malware research has been featured on NBC Nightly News.
Tom Pohl, Penetration Testing Team Manager & Principal Consultant, LMG Security
Tom Pohl is a seasoned hacker and the winner of many hacking competitions, including at Wild West Hackin’ Fest, Circle City Con, THOTCON, BSidesLV, and DEFCON. He is a regular presenter at major security conferences such as DEFCON, BSidesLV, CornCon, and SecDSM, and he has led technical training classes for many organizations. Tom has also discovered several vulnerabilities that have been covered in a number of major industry publications. He leverages his wealth of experience to support LMG Security’s customers as the Penetration Testing Team Manager and a Senior Cybersecurity Consultant. Prior to joining LMG, Tom was the head of software architecture at Businessolver for nearly 20 years.