> For the complete documentation index, see [llms.txt](https://oscp.adot8.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://oscp.adot8.com/active-directory/post-compromise-attacks.md).

# Post-Compromise Attacks

## Playbook

* Start off with quick wins such as [Kerberoasting](/active-directory/post-compromise-attacks/kerberoasting.md),[ ](/active-directory/post-compromise-attacks/dumping-and-cracking-hashes.md)[Secretsdump](/active-directory/post-compromise-attacks/dumping-and-cracking-hashes.md) and [Pass the Hash](/active-directory/lateral-movement/pass-the-hash.md)
* Reiterate and duplicate
  * Access to new machine via [Pass the Hash](/active-directory/lateral-movement/pass-the-hash.md)
  * [Dump SAM ](/active-directory/post-compromise-attacks/dumping-and-cracking-hashes.md)and crack hashes
  * Try to move vertically
  * [Pass hashes](/active-directory/lateral-movement/pass-the-hash.md) around again
* [Enumerate ](/active-directory/post-compromise-enumeration.md)some more
* Search for [old vulnerabilities](/active-directory/post-compromise-attacks/gpp-cpassword-attacks.md)
