#spnscanning
#FIM Forefront Identity Manager
#spnscanning for service accounts
What do we do with this information? Attack it.
1 > #Cracking service account passwords #kerberoast
2 > #exploiting group policy preferences.
\\<DOMAIN>\SYSVOL\<DOMAIN>\Policies\
Pivoting with local admin
3 > #Mimikatz
Dump Credentials
Dump Kerberos Tickets
Credential Injection
Generate Silver and/or Golden tickets
#DumpCredentials
Get access to the NTDS.dit file & extract data
Dump creds on DC (Local or remote)
#Dump LSASS process memory
#NTDSUtil
#Dump password hashes from NTDS.dit
#KekeoTOOL [DA rights + DCSync]
#Sneaky AD persistence Tricks
+ DSRM
+ SSP
+ Skeleton key
+ Sid History
+ Custom WMI Provider
+ PowerShell Empire
+ Kerberos Ticket Forging
+ Local policy
+ logon scripts
+ Group Policy
+ scheduled tasks
+ WMI
+ Output | SYSVOL