- We have an account, now what?
- Search the quick wins:
- Kerberoasting
- Secretsdump
- Pass-the-Hash/Pass-the-Password
- No quick wins? Dig deep!
- Enumerate (Bloodhound etc.)
- Where does your account have access?
- Old vulnerabilities die hard
- Think outside the box