Windows MOC
Sections Windows MOC
Local Windows host work. Domain attacks live in AD MOC .
Enumerate
Escalate
- PrivEsc - Tokens & Privileges
- PrivEsc - Services & Registry
- PrivEsc - DLL & Unquoted Paths
- PrivEsc - Credentials & Files
- UAC Bypass
- PrivEsc - Kernel & Exploits
Living off the land
Move
- Lateral Movement then AD MOC
Scope
If the host is domain joined, local privesc is often just the step before AD MOC . Loot creds, then pivot to the domain.