Admittedly, I haven’t touched Windows Server in a few years. I have my MCSE Security on Windows Server 2003, and while things haven’t changed that much in the world of Windows Server since I...
Pentester, 20 year technology professional, lifelong geek and lover of all things tech.
Something fun that worked for me today:
1. Get low priv creds (various methods)
2. Find Exchange servers: https://github.com/aslarchergore/exchange_hunter2
3. Run https://github.com/Ridter/Exchange2domain, an all-in-one tool for privexchange
4. Collect NTDS
5. Remove Replication-Get-Changes-All privileges for owned user