DNS
DNS
DNS is useful for all sorts of things - finding internal web servers by subdomain, locating orphaned DNS records for Kerberos shenanigans, and even just locating domain controllers. Try doing zone transfers or brute forcing subdomains.
Locate Domain Controllers
dig SRV _ldap._tcp.dc._msdcs.contoso.comZone Transfer
dig axfr contoso.comLast updated