Credentialed Enumeration - From Windows
AD Enumeration tools
AD PowerShell cmdlets
PowerView
SharpView (can be useful when PowerShell is blocked)
BloodHound
Snaffler (to look for files and directories with juicy information).
Activate AD PowerShell Module
Get Domain Information
Get Domain SID
Get Domain Users Information
Filtering for users with the ServicePrincipalName field populated.
Create a list of all domain users
Check for the PASSWD_NOTREQD Setting. Users with this flag set are not subject to the password policy.
ACL Enumeration
Trust Relationships
Group Enumeration
Get more specific information about a particular group
Group Membership
Computer Objects
Test Local Admin Role
Set properties on a domain object