I've got 4 gateways capturing traffic for two domain controllers a piece. I've been playing around with mimikatz in the lab and I'm not seeing any pth alerts. I was able to dump credentials from about ten different servers without any alerts.
Have I missed something? Do I need to forward traffic from the servers as well?
