In this episode of Hack Dissection, Mike Lisi is joined once again by ethical hacker Graham O’Donnell to unpack a memorable internal penetration test at a K-12 school district. What started with a forgotten, outdated Windows machine in a bus garage quickly escalated into full domain compromise—and revealed just how fragile infrastructure can be when one unpatched endpoint gets plugged back in.

Mike and Graham walk through each stage of the assessment, from asset mapping to privilege escalation, showing how seemingly minor oversights can trigger devastating cascading effects. Along the way, they highlight how tools like BloodHound, EternalBlue, and Mimikatz played pivotal roles, and why school districts—despite tight budgets—must prioritize cyber hygiene.

This episode dives into real-world tactics, practical takeaways for IT teams, and some wild detours into smartboards, PA systems, and Russian hacking forums.

🔐 Key topics:

• Pen testing vs. red teaming
• Internal vs. external assessments
• Risks of legacy systems in modern environments
• Miscommunications that lead to major security gaps
• The real-world implications of cached credentials

If you’re a school IT admin, security pro, or just a fan of behind-the-scenes cybersecurity stories, this episode is a must-listen.

🎧 Want to share your own pen test war story? Reach out: contact@malteksolutions.com