In this presentation I will cover the basics of how to perform dictionary attacks against Windows Active Directory accounts safely. Below is an overview of the steps that will be covered: Identify domains Enumerate domain controllers Enumerate users from domain controllers Enumerate password policy from domain controllers Perform dictionary attack More security blogs by the authors can be found @ https://www.netspi.com/blog/