A penetration tester is performing internal reconnaissance within a large Active Directory domain with thousands of objects. The goal is to enumerate members of privileged groups, like 'Domain Admins', as efficiently as possible. Given the need to minimize scripting complexity and execution time, which method is most suitable?
Using a PowerShell-based reconnaissance module to run a function like Get-NetGroupMember
Executing the net group command for each administrative group and parsing the text output
Looping through WMI queries for each privileged group's members
Authoring a custom VBScript to connect via ADSI and iterate through group memberships
Using a PowerShell-based reconnaissance module that includes functions like Get-NetGroupMember is the most efficient method for enumerating AD group membership. These modules are designed for speed and return structured data (objects) that are easy to work with, requiring minimal scripting. In contrast, looping WMI queries can be slow and complex in large environments. The legacy net group command requires running it for each group and parsing unstructured text output, which is inefficient. Developing a custom VBScript involves significantly more code and effort compared to a single PowerShell command.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the Get-NetGroupMember cmdlet?
Open an interactive chat with Bash
Why does a WMI query involve more overhead?
Open an interactive chat with Bash
What makes scripting in VBScript less efficient for this task?