Active Directory: Post-Compromise Enumeration Flashcards

1
Q

When using a PowerShell script like PowerView, what command do we have to run to ensure the script executes correctly? Explain it.

A
powershell -ep bypass

The -ep flag is short for -ExecutionPolicy. The execution policy exists to prevent scripts from being run by accident, so setting it to Bypass allows .ps1 scripts to execute.

2
Q

Using PowerView

What command can be used to see a Domain Policy in more detail?

A
(Get-DomainPolicy)."policy name"
3
Q

Using PowerView

What command can be used to see the logon count for domain accounts? Why should you avoid attacking accounts with a counter value of 0?

A
Get-UserProperty -Properties logoncount

An account with a logon count of zero may be a honeypot account.

4
Q

What are the commands used to set Bloodhound up?

A
$ neo4j console && bloodhound
5
Q

Using Bloodhound

What kind of tool is used to collect AD data?

A

An ingestor like SharpHound.

6
Q

What can be done with Bloodhound?
1 - Look for Domain Admin accounts.
2 - Identify high-value targets in the domain.
3 - Ensure persistent access to the domain.

A

1 and 2.
