Explore pen testing techniques and common security vulnerabilities in this 49-minute conference talk from GrrCON 2017. Dive into external network attacks, focusing on password spraying, active reconnaissance, and exploiting weak domain passwords. Learn about Metasploit's rogue SMB server, capturing NTLMV2 credentials, and the dangers of exposed administrator panels. Examine the risks associated with lack of multi-factor authentication, principle of least privilege, and legacy Windows broadcast protocols. Discover SMB relay attacks, insecure password storage in Group Policy Preferences, and pivoting through VPN split tunneling. Gain insights on remediation strategies for various vulnerabilities, including SMB signing, cached credentials, and shared virtual centers. Enhance your cybersecurity knowledge and learn how to make a pen tester's job more challenging.