Initial Attack Strategy

Playbook

• Start off with Responder and mitm6 at times where users are connecting to network drives

• Scan the network and gather information

• Bruteforce domain usernames with Kerbrute then password spray

• Find internal websites in scope. They might have default credentials

• Be creative