LLMNRCracking captured HashesSMB Relay Attacks (NTLM)Gaining Shell AccessIPv6 DNS Takeover via mitm6Domain Enumeration with LdapdomaindumpDomain Enum with BloodhoundDomain Enum with PlumhoundPingCastle—POST COMPROMISE—KerberoastingToken ImpersonationURL File AttacksGPP Attacks (cPassword Attacks)Mimikatz (there’s also Kiwi)Pass Attacks (The Pass/The Hash)POST-COMPROMISE STRATWe Own the Domain, now what?Dumping the NTDS.ditGolden Ticket w/ MimikatzShouldn’t Use Unless Approved
