Users, Computers, DA, Ent Admins, Shares, Domain

Enum OU'S, GPO's

Enum ACL's, Modify Rights/Permissions

Enum domains, Map Trusts, Map External Trust

Local Privilege Escaltion


Escalate form User (mimikatz)

Dump hashes, Golden Ticket, Golden Ticket to DA

Silver Tickets

Skeleton Key Attack



Modify Security Descriptors

Kerberoast Attack, Crack password

Kerberos Pre Auth, AS-REP, GennericWrite/All

Check UserAccountControl Permissions, set SPN to obtain TGS

Uncontrained Delegation, Printer Bug

Users with Contrained Delegation Request TGS, Pass the ticket to service, ENum accounts in DC and request TGT, use that TGS for DCSync

Using DA access, priv esc to EntAdmin, Using Domain Trustkey