So we’ve all played with RID cycling and GetAcct.exe but lately I guess we’ve not been pulling this out of our bag. Protection against this is now normal so we need a new way to enumerate usernames against a given domain. New info on this website is pointing towards a tool called ebrute that will allow enumeration of kerberos without having to take a password guess. On a decent machine… Continue reading