
TryHackMe's Intro to AD Breaching Room Contains Persistent Security Flaw
cybersecurity, TryHackMe, ActiveDirectory, misconfiguration, PowerShell, Responder, credential_capture
The post describes a security issue in the Intro to AD Breaching room on TryHackMe, where a scheduled PowerShell task designed to simulate user activity was left running indefinitely. The task was configured without a timeout, allowing it to persist across room resets and enabling unintended credential capture via Responder. The author exploited domain Administrator rights from a previous room to disable the task’s timeout setting, exposing authentication attempts. The room only resets if enough users vote for it, and at the time, only 5 out of 20 votes had been cast.
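For a defender reviewing a host for the same condition, the following added example (not code from the post or from TryHackMe) lists scheduled tasks that launch PowerShell and have no execution time limit. It assumes the "timeout" in question is the Task Scheduler `ExecutionTimeLimit` setting; the helper name `Test-NoTimeLimit` is hypothetical.

```powershell
# Added example: audit scheduled tasks that run PowerShell with no time limit.
# Assumption: the "timeout" is Task Scheduler's ExecutionTimeLimit setting.
function Test-NoTimeLimit {
    param([string]$Limit)
    # An empty value or a zero ISO 8601 duration (PT0S) lets the task run indefinitely.
    if ([string]::IsNullOrWhiteSpace($Limit)) { return $true }
    try   { return ([System.Xml.XmlConvert]::ToTimeSpan($Limit) -eq [TimeSpan]::Zero) }
    catch { return $false }   # unparseable value: report it as limited, review by hand
}

Get-ScheduledTask | ForEach-Object {
    $task = $_
    # Keep only exec actions whose program is powershell.exe or pwsh.exe
    # (COM-handler actions have no Execute property).
    $psActions = @($task.Actions | Where-Object {
        $_.PSObject.Properties['Execute'] -and
        $_.Execute -match '(?i)(powershell|pwsh)(\.exe)?"?$'
    })
    if ($psActions.Count -gt 0 -and (Test-NoTimeLimit $task.Settings.ExecutionTimeLimit)) {
        [pscustomobject]@{
            TaskPath  = $task.TaskPath
            TaskName  = $task.TaskName
            State     = $task.State
            RunAs     = $task.Principal.UserId
            TimeLimit = $task.Settings.ExecutionTimeLimit
            Command   = ($psActions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        }
    }
} | Sort-Object TaskPath, TaskName | Format-Table -AutoSize -Wrap
```

Any row whose `RunAs` is a privileged domain account deserves a closer look, since a task that authenticates repeatedly over the network is what exposes credentials to a listener such as Responder.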