No longer can we expect to accomplish all our red team objectives in a flat network consisting entirely of Active Directory-joined hosts. Segregated networks, non-domain joined systems, third-party storage providers, and the growing presence of Unix systems have made exploiting an enterprise much more complicated than simply gaining Domain Admin access. Often, intellectual property, client data, credit card information, and other PII are segregated onto different hosts and environments that cannot communicate with one-another. In this talk, I walk you through the newest methodologies in place to both find and exploit these hidden systems and assets when they are outside the domain.