Active Directory: Post-Compromise Enumeration Flashcards
When using a powershell script like PowerView, what command do we have to run to ensure the correct execution of the script? Explain it.
powershell -ep bypass
The -ep flag is short for -ExecutionPolicy. The execution policy exists to prevent scripts from running by accident, so setting it to bypass for this PowerShell session allows .ps1 scripts such as PowerView to be executed.
Using PowerView
What command can be used to see a Domain Policy in more detail?
(Get-DomainPolicy)."policy name"
Using PowerView
What command can be used to see the logon counter for domain accounts? Why should you avoid attacking accounts with a logon counter of 0?
Get-UserProperty -Properties logoncount
Accounts with a logon counter of 0 have never been used to log on and might be honeypot accounts set up to detect attackers.
What are the commands used to set Bloodhound up?
$ neo4j console && bloodhound
Using Bloodhound
What kind of tool is used to grab AD data?
An ingestor like SharpHound.
What can be done with Bloodhound?
1 - Look for Domain Admin accounts.
2 - Identify high-value targets in the domain.
3 - Ensure persistent access to the domain.
1 and 2.