Module 4

4.6

Structuring Your Presentation

The readout is a five-minute presentation followed by client Q&A. Five minutes is not a lot of time. You can’t walk through every finding. You need to structure your presentation for maximum impact.

Three principles:

Lead with the highest business risk, not the most technical finding. The Domain Admin attack path is your opening, not the account lockout policy finding. The client cares about what threatens their business, not what was most interesting to exploit.

Tell the story of the attack chain. Don’t present findings as isolated items. Show how they connect: “We started with a low-privilege account, Kerberoasted a service account with a weak password, and used its misconfigured replication rights to DCSync the entire domain — every credential hash, including krbtgt — without ever logging into the domain controller interactively.” That’s a narrative, and narratives are persuasive.

End with the ask. Your last slide should be your prioritized remediation recommendations. End the presentation with what you need the client to do.

You’re building TadiSec’s readout for Navigating Security Corp. Choose which finding to lead with, and rank the presentation order.

Challenge

Structure the Readout


You have 5 minutes to present TadiSec's findings to Navigating Security Corp. Order these presentation topics from first to last.

  1. The complete attack path: low-privilege user → Kerberoast svc_adbackup → DCSync → full domain compromise
  2. Missing account lockout policy — unlimited password attempts allowed
  3. Excessive Domain Admin group membership — 9 members, 7 unexpected
  4. Prioritized remediation recommendations
  5. Kerberoastable service account with weak password (svc_adbackup, cracked in 6 minutes)
  6. AS-REP roastable account — svc_monitor has pre-authentication disabled