Final thoughts on enumeration and discovery
We have only scratched the surface of the process of enumeration and discovery for privilege escalation. However, starting with the checklist on Linux or Windows is a good basis for being thorough in exploring all aspects of a machine to find exploitable features, misconfigurations and other vulnerabilities. Although we have touched on Active Directory in this chapter, it is a large subject, and an important one because of the centralized nature of the administration. A compromise of AD potentially means that an attacker has control over all machines and users in an organization. This is what we will look at in more detail in the next chapter.