BloodHound Collection
windowschecklist
Walkthrough
Collect full domain data with BloodHound to map attack paths. A good hit reveals shortest paths to Domain Admin via group memberships, ACLs, or sessions.
Commands
bash
netexec ldap <IP> -u <USER> -p '<PASS>' --bloodhound --collection All --dns-server <IP>