TL;DR+——————————-+| INITIAL ENUMERATION |+——————————-+ DOMAIN ENUM (if joined)BloodHound / SharpHound WHOAMI?whoamiecho %username% PRIVILEGES?whoami /priv SYSTEM INFOsysteminfowmic os get Caption,CSDVersion,OSArchitecture,Version SERVICESwmic service get name,startnamenet start ADMIN CHECKnet localgroup administratorsnet user NETWORKnetstat -anoyroute printarp -Aipconfig /all USERSnet usersnet usernet localgroup FIREWALLnetsh advfirewall firewall show rule name=all SCHEDULED TASKSschtasks /query /fo LIST /v > schtasks.txt INSTALLATION RIGHTSreg query … Continue reading Windows Privilege Escalation – Resources