Hello! This week Joe “The Machine” Skeen and I kicked off a series all about pentesting GOAD (Game of Active Directory).  In part one we covered:

• Checking for null session enumeration on domain controllers
• Enumerating systems with and without SMB signing
• Scraping AD user account descriptions
• Capturing hashes using Responder
• Cracking hashes with Hashcat