AD Approach

  1. Get access to a local admin or system level shell.
  2. Enumerate Active Directory, check who is logged on and where. Target users belonging to high-value groups
  3. Go through the auth checklist and gather as much of auth info as possible
  4. Lateral moves within the AD
  5. Achieve AD persistence