We hunt for specific users
find users with local admin access
rpc and smb can be disabled - run find wmi local admin access script in that case
very noisy
find domain admins - interesting target
invoke user hunter
stealth mode will only query high value target reducing noise-but also reduces chance of success
Defense
hardening
netcease script can prevent userhunting - can break stuff
samri-10