Lateral Movement with PowerView

PopLab Agency

Find existing local admin access for the current user:

Find-LocalAdminAccess

Hunt for sessions of interesting users on machines where you have access:

Find-DomainUserLocation -CheckAccess | ?{ $_.LocalAdmin -eq $true }

Search for kerberoastable users:

Get-DomainUser -SPN | select name,serviceprincipalname

Search for AS-REP roastable users:

Get-DomainUser -PreauthNotRequired | select name

Look for interesting ACLs within the domain, filtering on a specific user or group you have compromised:

Find-InterestingDomainAcl -ResolveGUIDs | ?{$_.IdentityReferenceName -match "UserOrGroupToQuery"}

Search for computers configured for unconstrained delegation:

Get-DomainComputer -Unconstrained

Search for users configured for constrained delegation, with the services they are allowed to delegate to:

Get-DomainUser -TrustedToAuth | select userprincipalname,msds-allowedtodelegateto

Search for computers configured for constrained delegation, with the services they are allowed to delegate to:

Get-DomainComputer -TrustedToAuth | select name,msds-allowedtodelegateto
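The same account classes the Kerberoast, AS-REP roast and delegation one-liners above enumerate are exactly what a domain owner should be auditing and cleaning up. The script below is an added example, not part of the original post and not PowerView code: it uses the RSAT ActiveDirectory module (Get-ADUser, Get-ADComputer, Set-ADAccountControl) with LDAP bitwise filters on userAccountControl to produce a findings list, and flags SPN accounts that still accept RC4 tickets. The function name Get-KerberosExposure is an assumption of this example; the userAccountControl bit values, the Domain Controllers RID (516, RODCs 521) and the msDS-SupportedEncryptionTypes bits are documented Active Directory constants.

```powershell
# Added defender-side audit (example code, not from the original post).
# Assumes RSAT ActiveDirectory is installed and the caller can read the domain.
Import-Module ActiveDirectory

function Get-KerberosExposure {
    # userAccountControl flags, as decimal for the LDAP bitwise matching rule
    $DONT_REQ_PREAUTH       = 4194304   # 0x400000: AS-REP roastable
    $TRUSTED_FOR_DELEGATION = 524288    # 0x80000:  unconstrained delegation
    $bitAnd = '1.2.840.113556.1.4.803'  # LDAP_MATCHING_RULE_BIT_AND

    # 1. AS-REP roastable users: Kerberos pre-authentication disabled
    $asrep = Get-ADUser -LDAPFilter "(userAccountControl:$bitAnd:=$DONT_REQ_PREAUTH)" |
        Select-Object SamAccountName, DistinguishedName

    # 2. Kerberoastable users: user objects with an SPN (krbtgt excluded).
    #    RC4Allowed is true when msDS-SupportedEncryptionTypes is unset or has the RC4 bit (4).
    $spnUsers = Get-ADUser -LDAPFilter '(&(servicePrincipalName=*)(!(sAMAccountName=krbtgt)))' `
                           -Properties servicePrincipalName, 'msDS-SupportedEncryptionTypes', PasswordLastSet |
        Select-Object SamAccountName, PasswordLastSet,
            @{ n = 'RC4Allowed'; e = {
                $enc = $_.'msDS-SupportedEncryptionTypes'
                ($null -eq $enc) -or (($enc -band 4) -ne 0) } },
            @{ n = 'SPNs'; e = { $_.servicePrincipalName -join ';' } }

    # 3. Unconstrained delegation on computers. Domain controllers (RID 516) and
    #    read-only DCs (RID 521) are expected; anything else is a finding.
    $unconstrained = Get-ADComputer -LDAPFilter "(userAccountControl:$bitAnd:=$TRUSTED_FOR_DELEGATION)" `
                                    -Properties primaryGroupID |
        Where-Object { $_.primaryGroupID -notin 516, 521 } |
        Select-Object Name, DistinguishedName

    # 4. Constrained delegation on users and computers, with the target services
    $constrained = @(Get-ADUser     -LDAPFilter '(msDS-AllowedToDelegateTo=*)' -Properties 'msDS-AllowedToDelegateTo') +
                   @(Get-ADComputer -LDAPFilter '(msDS-AllowedToDelegateTo=*)' -Properties 'msDS-AllowedToDelegateTo') |
        Select-Object SamAccountName, @{ n = 'AllowedToDelegateTo'; e = { $_.'msDS-AllowedToDelegateTo' -join ';' } }

    [pscustomobject]@{
        AsRepRoastable       = $asrep
        Kerberoastable       = $spnUsers
        UnconstrainedNonDC   = $unconstrained
        ConstrainedDelegation = $constrained
    }
}

$report = Get-KerberosExposure
"AS-REP roastable users:      $($report.AsRepRoastable.Count)"
"SPN accounts (users):        $($report.Kerberoastable.Count), RC4 still allowed: $(@($report.Kerberoastable | Where-Object RC4Allowed).Count)"
"Unconstrained non-DC hosts:  $($report.UnconstrainedNonDC.Count)"
"Constrained delegation:      $($report.ConstrainedDelegation.Count)"

# Remediation, applied deliberately per account once the setting is confirmed unnecessary:
#   Set-ADAccountControl -Identity <sam> -DoesNotRequirePreAuth $false            # re-enable pre-auth
#   Set-ADAccountControl -Identity <computer$> -TrustedForDelegation $false       # drop unconstrained delegation
#   Set-ADUser -Identity <sam> -Replace @{ 'msDS-SupportedEncryptionTypes' = 24 }  # 24 = AES128 + AES256 only
```

Run it from a workstation with RSAT as an account that can read the domain; every item it returns maps to one of the PowerView queries above, so the output doubles as a pre-engagement list of what those queries will find. Long, random passwords (or group Managed Service Accounts) for the SPN holders and AES-only encryption types remove most of the value of a Kerberoast even where an SPN must remain.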
