windows

active directory

tools

  • bloodhound
  • nishang - offensive powershell for red team, penetration testing and offensive security.
  • snmpwalk
  • hydra - brute-force logins
    • slow to avoid timeouts, so you want a smaller password list
  • enum4linux - null session enumeration
  • crackmapexec - grab plaintext passwords out of memory
  • responder - dns spoofing tool
  • bettercap - arp spoofing

notes