红队/ CTF速查表
快速列举
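# Enumeration commands for an authorised lab / CTF domain.
# NOTE(review): Invoke-Portscan and Get-NetUser are not defined on this page;
# presumably the PowerSploit Recon / PowerView module is already loaded.
# The stray spaces after "-" and inside the quoted values broke parameter
# binding and the literal host / LDAP filter strings; they are removed here.

# Perform portscan on hosts (top 50 ports of the listed host).
# Defender view: shows up as a burst of connection attempts from one source
# in firewall / flow logs.
Invoke-Portscan -Hosts "192.168.1.10" -TopPorts 50

# Basic user info for accounts that are not disabled.
# Defender view: review the description attribute during audits; it is
# readable by any authenticated user, so it must never hold credentials.
Get-NetUser -UACFilter NOT_ACCOUNTDISABLE |
    Select-Object samaccountname, description, pwdlastset, logoncount, badpwdcount

# Find users with sidHistory set.
# Defender view: outside a domain migration a populated sidHistory is unusual;
# clear unexpected values and alert on Security events 4765 / 4766.
Get-NetUser -LDAPFilter '(sidHistory=*)'

# ASREPRoastable users (Kerberos pre-authentication not required).
# Defender view: re-enable pre-authentication on every account returned here
# and watch for event 4768 with Pre-Authentication Type 0.
Get-NetUser -PreauthNotRequired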
# Kerberoastable users
Get-Ne