search

๐Ÿ–ฅ๏ธInitial Enmeration (Domain)

hashtag
Key Data Points

Data Point
Description

AD Users

We are trying to enumerate valid user accounts we can target for password spraying.

AD Joined Computers

Key Computers include Domain Controllers, file servers, SQL servers, web servers, Exchange mail servers, database servers, etc.

Key Services

Kerberos, NetBIOS, LDAP, DNS

Vulnerable Hosts and Services

Anything that can be a quick win. ( a.k.a an easy host to exploit and gain a foothold)

hashtag
Identifying Potential Vulnerabilities

hashtag
NT AUTHORITY\SYSTEM (local)

  • It has the highest level of access in the OS.

  • It is a built-in account in Windows operating systems.

  • Used to run most Windows services.

hashtag
System (domain-joined)

  • Able to enumerate Active Directory by impersonating the computer account.

  • Having SYSTEM-level access within a domain environment is nearly equivalent to having a domain user account.

๐Ÿ—„๏ธIdentifying Hostschevron-right๐Ÿ•ต๏ธโ€โ™€๏ธIdentifying Userschevron-right
PreviousCredential HuntingNextIdentifying Hosts

Last updated