Quick Wins

This is a collection of things to check for an easy way to domain admin

  • Bloodhound: paths from initial owned users to high value targets

  • Kerberoast & ASREPRoast

  • Credential reuse between low priv and high priv accounts

  • Abusing the Printerbug (relaying the authentication)

Common CVEs that give RCE

  • CVE-2020-0688 (Exchange)

  • CVE-2020-0708 (Bluekeep)

  • CVE-2020-0144 (Eternal Blue)

  • CVE-2020-0796 (SMBGhost)

  • CVE-2020-1472 (Zerologon)

  • CVE-2021-42287/CVE-2021-42278 (Sam-The-Admin/Nopac)

PreviousActive DirectoryNextTools

Last updated