4.6 Structuring Your Presentation
The readout can be a presentation followed by client Q&A that lasts 15 minutes, or it can run to 60 minutes or more. Structure your presentation to convey as much impact as possible whilst respecting everyone’s time.
Three principles:
Lead with the highest business risk, not the most technical finding. The Domain Admin attack path is your opening, not the SMB signing issue. The client cares about what threatens their business, not what was most interesting to exploit.
Tell the story of the attack chain. You do not always need to present findings as isolated items. Show how they connect: “We started with a low-privilege account, Kerberoasted a service account, used it to reach the SQL server, and leveraged unconstrained delegation to become Domain Admin.” That’s a narrative, and narratives are persuasive.
End with the ask. Your last slide should be your prioritized remediation recommendations. End the presentation with what you need the client to do.
You’re building TadiSec’s readout for Navigating Security Corp. Choose which finding to lead with, and rank the presentation order.
Structure the Readout
You have 5 minutes to present TadiSec's findings to Navigating Security Corp. Order these presentation topics from first to last.
- AS-REP roastable account — svc_monitor has pre-authentication disabled
- Kerberoastable service account with weak password (svc_adbackup, cracked in 6 minutes)
- Prioritized remediation recommendations
- The complete attack path: low-privilege user → Kerberoast svc_adbackup → DCSync → full domain compromise
- Missing account lockout policy — unlimited password attempts allowed
- Excessive Domain Admin group membership — 9 members, 7 unexpected