3

Domain Reconnaissance and Discovery

This chapter focuses on domain enumeration. Even if the methodology looks obvious and straightforward, the process itself can seem daunting, and reconnaissance is a crucial stepping stone toward successful compromise. Moreover, it is important to repeat enumeration after every move, as new paths may open up. Sometimes enumeration can lead to a direct compromise; for example, a compromised user could read Local Administrator Password Solution (LAPS) or Group Managed Service Accounts (gMSA) passwords, or could have administrator privileges on a box with unconstrained delegation.

We will briefly refresh the reconnaissance methodology and start comprehensive enumeration in different ways. We will cover ...
