Reconnaissance

When attacking an Active Directory, or in fact any system, it is essential to gather useful information that will help define who, what, when and where. Here are some examples of what information to look for.

The location of the domain controllers (and other major AD services like KDC, DNS and so on). This can be achieved by , by and with
The domain name. It can be found with , recon through , by combining , by , ...
Domain objects and relations between them with , with and with .

PreviousIntroduction NextDHCP

Last updated 1 year ago

Was this helpful?