tl;dr The training was fantastic, but the exam was shocking.
I was recently in a position where I had code execution on an ADFS server, under the context of the ADFS service account, and wanted to use ADFSDump as part of a golden SAML attack. This post details the two hurdles I encountered and how they were overcome, namely:
dump function of SharpSphere allows operators to dump LSASS from any powered on VM managed by vCenter or ESXI, without needing to authenticate to the guest OS and without needing VMware Tools to be installed.
Deployed by all Fortune 500 & Fortune Global 100 companies*, you’re pretty much guaranteed to come up against vSphere on your offensive engagments.