WADComs

WinPeas + bloodhound

Find-InterestingDomainAcl Find-InterestingFile Find-InterestingDomainShareFile

To enumerate domain information, we must be running in a domain context, such as a domain user, the NT AUTHORITY\SYSTEM context, or a domain machine account. Enumeration will not succeed from a local account's context, such as a local administrator account or a local service account (for example, the IIS service account).

Enumerating Security Controls

Data Enumeration

Data Visualization on ADExplorer

Other vectors

Cheat sheet

Always dump hashes and check shares after gaining access or credentials.

see also the bin