What are LLMNR and NetBIOS-NS? Both are methods of resolving hostnames to IP addresses. When you try to contact a system on your network by name, DNS is used first; if that fails, LLMNR is attempted, followed by NetBIOS. LLMNR is the successor to NetBIOS, and it supports IPv6 and multicast addresses.
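To see which names fall through DNS to the fallback resolvers, the following added example (not code from the original post) decodes the queried name from LLMNR and NetBIOS-NS query payloads. The UDP ports (5355 and 137), the wire-format details and the sample packets are supplied here as assumptions and constructed data, not taken from the page.

```python
import struct

LLMNR_PORT, NBNS_PORT = 5355, 137  # UDP destination ports of the two fallback protocols

def _labels(payload, offset=12):
    """Read the length-prefixed labels of the first question name."""
    labels = []
    while offset < len(payload):
        length = payload[offset]
        if length == 0:
            return labels
        if length > 63 or offset + 1 + length > len(payload):
            break
        labels.append(payload[offset + 1:offset + 1 + length])
        offset += 1 + length
    raise ValueError("malformed question name")

def _nbns_decode(label):
    """Undo NetBIOS first-level encoding: each name byte is sent as two letters A..P."""
    if len(label) != 32 or not all(0x41 <= b <= 0x50 for b in label):
        raise ValueError("not a NetBIOS-encoded name")
    raw = bytes(((label[i] - 0x41) << 4) | (label[i + 1] - 0x41) for i in range(0, 32, 2))
    return f"{raw[:15].decode('ascii', 'replace').rstrip()}<{raw[15]:02X}>"

def decode_fallback_query(dst_port, payload):
    """Return (protocol, queried name) for an LLMNR or NetBIOS-NS query, else None."""
    if len(payload) < 12:
        raise ValueError("truncated header")
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount < 1:  # QR bit set: a response, not a query
        return None
    labels = _labels(payload)
    if dst_port == LLMNR_PORT:
        return "LLMNR", ".".join(l.decode("ascii", "replace") for l in labels)
    if dst_port == NBNS_PORT and labels:
        return "NetBIOS-NS", _nbns_decode(labels[0])
    return None

def build_sample(flags, labels, qtype):
    """Constructed test packet: 12-byte header plus one question."""
    name = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0) + name + struct.pack("!HH", qtype, 1)

def nbns_encode(name, suffix):
    """Constructed-sample helper: pad to 15 bytes, append the suffix byte, encode as letters."""
    raw = name.upper().ljust(15).encode("ascii") + bytes([suffix])
    return bytes(c for b in raw for c in (0x41 + (b >> 4), 0x41 + (b & 0x0F)))

SAMPLES = [  # constructed queries for one host name, not captured traffic
    (LLMNR_PORT, build_sample(0x0000, [b"filesrv01"], 1)),
    (NBNS_PORT, build_sample(0x0110, [nbns_encode("filesrv01", 0x20)], 0x20))]
```

A name that shows up in these queries is one that DNS did not answer, so the decoded names are a quick list of stale shortcuts, typos and missing DNS records to clean up.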
On a penetration test, once you’ve scored Domain Admin (DA) access, it’s generally a good idea to take a look at the hashes stored in Active Directory (AD). Doing so points out all of the weak accounts that you missed on your journey to DA, and password reuse across accounts may also get you into other systems, such as Linux servers or the network infrastructure.
There are a few methods of dumping hashes, and I expect every PenTester knows one of these, but I’ve included a few as it’s always good to have a backup plan.