PowerView

• references

  • https://www.ired.team/offensive-security-experiments/active-directory-kerberos-abuse/active-directory-enumeration-with-powerview

Domain Enumeration

• Current Domain

Get-Domain

• Get the object of another domain

Get-Domain -Domain moneycorp.local 

• Get the domain SID for the current domain

Get-DomainSID 

• Get the domain policy for the current/ another domain

Get-DomainPolicy
Get-DomainPolicyData
(Get-DomainPolicyData).systemaccess

#for another domain
(Get-DomainPolicyData -domain moneycorp.local).systemaccess

• Get the Domain Controller of the current and another domain

Get-DomainController

#another domain
Get-DomainController -Domain moneycorp.local

Cross trust

• Get the domain trust relation

Get-DomainTrust

• Forest trust

Get-ForestTrust