# TAKEAWAYS - xxx --- # BLUF - xxx --- # Discover Ports & Services - `ping` test - `nmap` scan - light - `nmap` scan - detailed - `nmap` scan - UDP --- # Service Enum ## Port xxx (protocol): service_name ver. xxx - xxx ## Port xxx (protocol): service_name ver. xxx - xxx --- # AD Enum ## ASREP Roasting ```bash nxc ldap TARGET -d inlanefreight.local -u users.txt -p '' --asreproast ``` ## Kerberoasting ```bash nxc ldap TARGET -d inlanefreight.local -u username -p password --kerberoasting ``` ## ADCS ```bash nxc ldap TARGET -d inlanefreight.local -u username -p password -M adcs ``` ## BloodHound - Run remote ingestor ```bash /opt/rusthound-ce -d inlanefreight.local -u inlanefreight@username -p password -z ``` - Spin up container for bloodhound GUI ```bash cd /opt/bloodhound docker compose up -d ``` --- # AD Attack Chain ___ # Revisit Service Enum