Get-AllTrusts will list the trusts for the inputted or current domain/forest. Will also output status of SIDFiltering and SelectiveAuthorization
If SIDFiltering is disabled, attackers can perform a SIDHistory attack to gain DA/EA privileges from one Domain/Forest to another Domain/Forest. See more on the attack here: https://adsecurity.org/?p=1640
Will grab the trust information for the domain the current user is a member of
PS C:\> Get-AllTrusts
Will grab the trust information for all the trusts with ABC.LOCAL Domain/Forest. You can pipe the results to Format-Table (ft) for easier reading
PS C:\> Get-AllTrusts -domain ABC.LOCAL | ft
Invoke-AdminAccessFinder is a supplement to PowerView’s Invoke-EnumerateLocalAdmin. Invoke-AdminAccessFinder will search a list of hosts that the specified user/group has administrative access to. Invoke-AdminAccessFinder gets it’s dataset by importing the CSV output from PowerView’s Invoke-EnumerateLocalAdmin function. Invoke-AdminAccessFinder identifies the security group membership for the user/group, recursively (with [TokenGroups] (https://msdn.microsoft.com/en-us/library/ms680275(v=vs.85).aspx)) and will return a list of hosts that the user/group and any of its group memberships have administrative access on.
On first execution of Invoke-AdminAccessFinder, you will be prompted to import the CSV file. Invoke-AdminAccessFinder will only ask for the CSV once per PowerShell session unless the -Clean switch is specified.
Tests a specified username with a password that matches their username. You can specify a username via the
SamAccountName parameter or you can pass this into the pipeline.
Adds a user to the local administrator group for the specified computer. (Without using net.exe)
Deletes a local user from the specified computer (Without using net.exe)