Comment on page
When attacking an Active Directory, or in fact any system, it is essential to gather useful information that will help define who, what, when and where. Here are some examples of what information to look for.
- The domain name. It can be found with standard LDAP queries, recon through MS-RPC named pipes, by combining different recon techniques with enum4linux, by inspecting multicast and broadcast name resolution queries, ...