AD
No credentials
- user enum (kerbrute, SMB, LDAP, OWA)
- AS-REP roasting
- Zerologon
- brute-force administrator on DC
- password spray
One domain user
- get all AD users
- AS-REP roasting (all users)
- Kerberoasting
- BloodHound
- credentials or password reuse
- noPac
- smbclient on DC
- get-gpp
- credentials in userPassword & unixUserPassword & Description
- exposed services
Local admin
- dump SAM
- dump logonPasswords
- Pass The Hash
- credentials or password reuse