AD Initial Attack Vectors

- LLMNR Poisoning
- SMB Relay Attacks
- Responder
- msfconsole
- Impacket
- psexec
- smbexec
- wmiexec
- IPv6 Attacks
- IPv6 DNS Takeover
- Mitm6
- https://github.com/dirkjanm/mitm6
- https://dirkjanm.io/worst-of-both-worlds-ntlm-relaying-and-kerberos-delegation/

January 21, 2025 · 1 min · 19 words

AD Mind Map

Active Directory Pentest Mind Map

- https://www.xmind.net/m/5dypm8/#
- https://tajdini.net/blog/penetration/active-directory-penetration-mind-map/

[[Active-Directory-Penetration-Manual_1.png]]

January 21, 2025 · 1 min · 9 words

SMB Signing Check

nmap --script=smb2-security-mode.nse -p445 $IP

[[SMB Signing Check.png]]

Note:

1. Message signing enabled and required = cannot relay
2. Message signing disabled, or enabled but not required = can relay

By default, normal workstations fall under #2, while servers (DCs included) fall under #1.

January 21, 2025 · 1 min · 37 words