Attacking AD Command Cheat sheet
External Enumeration
Internal Enumeration
[[../enumeration/internal/Privileged Access to Services|Privileged Access to Services]]
[[../../../services/Remote Desktop]]
Get-NetLocalGroupMember -ComputerName MS01 -GroupName "Remote Desktop Users"
[[../../../services/WinRM]]
Get-NetLocalGroupMember -ComputerName MS01 -GroupName "Remote Management Users"
[[../../../services/MSSQL]] with [[../../../tools/PowerUpSQL]]
Get-SQLInstanceDomain
[[../enumeration/internal/Domain Trusts]]
Get-ADDomain | select name,parentdomain
Get-ADTrust -Filter *
Get-DomainTrust
With [[../../../tools/PowerView]]
Get-DomainTrustMapping