# Initial Access Attacks

- [Username Enumeration](/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/initial-access-attacks/username-enumeration.md): It is possible to enumerate valid usernames without authentication by sending TGT requests with no pre-authentication.
- [Password Spraying](/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/initial-access-attacks/username-enumeration/password-spraying.md): People don't always choose strong passwords, neither do IT people for temporary accounts. Spraying passwords against all found user accounts is effective for getting access to the domain.
- [AS-REP Roasting](/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/initial-access-attacks/username-enumeration/as-rep-roasting.md)
- [Empty Password](/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/initial-access-attacks/username-enumeration/empty-password.md): It is possible that accounts have an empty password if the useraccountcontrol attribute contains the value PASSWD\_NOT\_REQ.
- [SMB Relaying](/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/initial-access-attacks/smb-relaying.md)
- [SMB Null-Session (To-Do)](/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/initial-access-attacks/page-3.md)
- [SQL Server default login](/building-a-windows-ad-lab/vulnerabilities-and-misconfigurations-and-attacks/initial-access-attacks/sql-server-default-login.md): By default the SA user is NOT enabled. Administrators might enable it during the installation and choose a weak password.