Post-Exploitation Enumeration

Overview

After gaining initial access to a system, enumeration determines what you have, where you are, and where to go next. Systematic post-exploitation enumeration identifies the current user context, system configuration, network position, installed software, and potential privilege escalation vectors. This is the foundation for every subsequent post-exploitation activity — escalation, credential harvesting, lateral movement, and persistence all depend on thorough enumeration.

General Approach

  1. Situational awareness — who am I, where am I, what OS/kernel, what privileges
  2. Network position — interfaces, routes, connections, accessible subnets
  3. User and group context — local users, groups, sudo rights, domain membership
  4. Running services — processes, listening ports, scheduled tasks
  5. Installed software — packages, versions, known vulnerable applications
  6. File system — writable directories, SUID/SGID binaries, sensitive files
  7. Credential hunting — config files, history files, cached credentials
  8. Defense posture — AV, EDR, firewall rules, logging configuration