Post-Compromise Enumeration

Checklist

net user /domain

net group /domain

Get-ADDomain
[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()

Import .\PowerView.ps1
Get-NetComputer | select operatingsystem,dnshostname
Find-LocalAdminAccess

Dump domain information using ldapdomaindump
For a better view use Bloodhound and or Plumbhound
Identify high value targets
- Domain Administrators
- Enterprise Administrators
- Administrators
- Service Accounts
ENUMERATE

Last updated 11 months ago