So I wanna see some writeups for windows boxes. On nix* I can get root and just cat /etc/shadow for the token.
Windows is a different story, the AV or PS amsi is a pain in the ass.
Just wondering how you guys are getting token for windows boxes. Getting an Invoke-mimikatz.ps1 or mimi.exe on the machines is almost impossible before it gets blocked. What are you guys doing post admin/root flag to get the tokens to see some writeups? Thanks