Pen test flagging things critical when using domain admin

This post has been de-listed

It is no longer included in search results and normal feeds (front page, hot posts, subreddit posts, etc). It remains visible only via the author's post history.

Post Flair (click to view more posts with a particular flair)

Analysis

Post Body

Just want to ask if something is normal with the results of a recent pen test we have engaged. The company sent a laptop to be placed on our network and after a week they gave us notice they were unable to gain a foothold and asked for a domain account to begin testing from a compromised account perspective. A few days later they say they were unable to obtain domain admin and asked to have the test account elevated to DA to see if they could get into Azure. They successfully got into Azure AD with this domain admin account and we now have a critical finding on our report for a potentially compromised AD.

Am I braindead or is this ridiculous? Like of course I’d expect a DA to be able to do everything?

Author

Account Strength

60%

Account Age

4 years

Verified Email

Verified Flair

Total Karma

1,881

Link Karma

455

Comment Karma

1,320

Profile updated: 3 days ago

StuntedGorilla

Subreddit

r/AskNetsec

Post Details

We try to extract some basic information from the post title. This is not always successful or accurate, please use your best judgement and compare these values to the post title and body for confirmation.

Posted: 3 months ago
Reddit URL: View post on reddit.com
External URL: reddit.com/r/AskNetsec/c...