🖥️Initial Enmeration (Domain)

Key Data Points

Data Point	Description
AD Users	We are trying to enumerate valid user accounts we can target for password spraying.
AD Joined Computers	Key Computers include Domain Controllers, file servers, SQL servers, web servers, Exchange mail servers, database servers, etc.
Key Services	Kerberos, NetBIOS, LDAP, DNS
Vulnerable Hosts and Services	Anything that can be a quick win. ( a.k.a an easy host to exploit and gain a foothold)

Identifying Potential Vulnerabilities

NT AUTHORITY\SYSTEM (local)

• It has the highest level of access in the OS.

• It is a built-in account in Windows operating systems.

• Used to run most Windows services.

System (domain-joined)

• Able to enumerate Active Directory by impersonating the computer account.

• Having SYSTEM-level access within a domain environment is nearly equivalent to having a domain user account.

🗄️Identifying Hosts🕵️‍♀️Identifying Users