More info to LAPS

Author: kristofhracza

Resources/Tools.md

@@ -129,6 +129,7 @@ If data cannot be found in those files, one might try to go back one folder to `
 - [Mimikatz in python](https://github.com/skelsec/pypykatz)
 - [mRemoteNG Decryptor](https://github.com/kmahyyg/mremoteng-decrypt)
 - [bloodyAD](https://github.com/CravateRouge/bloodyAD)
+- [crackmapexec](https://github.com/byt3bl33d3r/CrackMapExec)
 
 # Reverse Engineering
 

Windows Hardening/Active Directory/LAPS.md

@@ -1,7 +1,13 @@
+# Overview
 **LAPS** allows you to manage the local **Administrator** password (which is randomised, unique, and changed regularly) on domain-joined computers. These passwords are centrally stored in Active Directory and restricted to authorised users using ACLs. Passwords are protected in transit from the client to the server using Kerberos v5 and AES.
 
 When using LAPS, 2 new attributes appear in the computer objects of the domain: `ms-mcs-AdmPwd` and `ms-mcs-AdmPwdExpirationTime`. These attributes contains the plain-text admin password and the expiration time. Then, in a domain environment, it could be interesting to check which users can read these attributes.
 
+## Tools
+- [PowerView](https://github.com/PowerShellMafia/PowerSploit/blob/dev/Recon/PowerView.ps1)
+- [crackmapexec](https://github.com/byt3bl33d3r/CrackMapExec)
+
+
 # Check If Activated
 ```powershell
 reg query "HKLM\Software\Policies\Microsoft Services\AdmPwd" /v AdmPwdEnabled