PowerView - Session and User Hunting

Active Directory AD Enumeration windows

Logged-on user enumeration

Get-NetLoggedon | select UserName
Get-NetLoggedon -ComputerName DC01
Get-NetSession
Get-NetSession -ComputerName files04

Find where a target user is logged in

Invoke-UserHunter
Invoke-UserHunter -CheckAccess
Invoke-UserHunter -GroupName "Domain Admins"

Sysinternals PsLoggedon

.\PsLoggedon.exe \\files04

Hunt workflow

Get Domain Admin members
Get list of computers
Run Get-NetLoggedon/Get-NetSession against each
Find any computer with a Domain Admin session
Confirm you’re a local admin on that computer