Service accounts are that gray area between regular user accounts and admin accounts that are often highly privileged. They are almost always over-privileged due to documented vendor requirements or because of operational challenges (“just make it work”). We can discover service accounts by looking for user accounts with Kerberos Service Principal Names (SPNs) which I … Continue reading| Active Directory & Azure AD/Entra ID Security
Collect data To collect data you need a tool called SharpHound.exe Download it from: https://github.com/BloodHoundAD/BloodHound/tree/master/Ingestors Run the following command with a normal "Domain User" to enumerate Group Membership, Trusts, ACLs, ObjectProps, Containers, and GPO Local Admins within a Domain: SharpHound.exe -c DCOnly When finished, a zip file should have been generated - example: 20200220204118_BloodHound.zip Database| wirzfamily.ch