Often, during penetration testing, we find ourselves with elevated access (Domain Admin) within an organization. Some companies stop there, thinking that obtaining Domain Admin is the ultimate goal. But it’s not. “Getting Domain Admin” doesn’t mean much to most executives, other than demonstrating the risk it entails. One of the best ways to demonstrate the risk to an organization is to demonstrate the ability to access sensitive data. Here we describe penetration testing of Exchange 2019 in a GOADv3 lab configured on Ludus/Debian. Tools Used The primary toolkit used is MailSniper , a PowerShell suite designed for internal enumeration and abuse of