search

Post-Compromise Enumeration

hashtag
Checklist

net user /domain
net group /domain
Get-ADDomain
[System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
Import .\PowerView.ps1
Get-NetComputer | select operatingsystem,dnshostname
Find-LocalAdminAccess

  • Dump domain information using ldapdomaindump

  • For a better view use Bloodhound and or Plumbhound

  • Identify high value targets

    • Domain Administrators

    • Enterprise Administrators

    • Administrators

    • Service Accounts

  • ENUMERATE

PreviousMiscNextldapsearch

Last updated