Category: PowerShell

Feb 03

Low Privilege Active Directory Enumeration from a non-Domain Joined Host

Scenario You have recovered Domain User credentials for a domain but haveĀ  no privileged or interactive access to any targets i.e. no Domain Admin account or any account that is capable of establishing an RDP session. Introduction On a recent engagement I was performing an internal assessment against several untrusted Windows domains. Using Kerberos Domain …

Continue reading