> For the complete documentation index, see [llms.txt](https://oscp.adot8.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://oscp.adot8.com/active-directory/initial-attack-strategy.md).

# Initial Attack Strategy

## Playbook

* Start off with[ **Responder** ](/active-directory/initial-attack-strategy/llmnr-poisoning.md)and [**mitm6**](/active-directory/initial-attack-strategy/ipv6-attacks.md) at times where users are connecting to network drives
* Scan the network and gather information
* Bruteforce domain usernames with [Kerbrute](/active-directory/initial-attack-strategy/kerbrute.md) then password spray
* Find internal websites in scope. They might have default credentials
* [Be creative](/active-directory/initial-attack-strategy/passback-attack.md)
