> For the complete documentation index, see [llms.txt](https://ad-lab.gitbook.io/building-a-windows-ad-lab/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://ad-lab.gitbook.io/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/initial-access-attacks.md).

# Initial Access Attacks

- [Username Enumeration](https://ad-lab.gitbook.io/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/initial-access-attacks/username-enumeration.md): It is possible to enumerate valid usernames without authentication by sending TGT requests with no pre-authentication.
- [Password Spraying](https://ad-lab.gitbook.io/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/initial-access-attacks/username-enumeration/password-spraying.md): People don't always choose strong passwords, neither do IT people for temporary accounts. Spraying passwords against all found user accounts is effective for getting access to the domain.
- [AS-REP Roasting](https://ad-lab.gitbook.io/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/initial-access-attacks/username-enumeration/as-rep-roasting.md)
- [Empty Password](https://ad-lab.gitbook.io/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/initial-access-attacks/username-enumeration/empty-password.md): It is possible that accounts have an empty password if the useraccountcontrol attribute contains the value PASSWD\_NOT\_REQ.
- [SMB Relaying](https://ad-lab.gitbook.io/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/initial-access-attacks/smb-relaying.md)
- [SMB Null-Session (To-Do)](https://ad-lab.gitbook.io/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/initial-access-attacks/page-3.md)
- [SQL Server default login](https://ad-lab.gitbook.io/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/initial-access-attacks/sql-server-default-login.md): By default the SA user is NOT enabled. Administrators might enable it during the installation and choose a weak password.
