I'm stuck on this bounty--I've turned up a number of subdomains, including one I believe belongs to the Israeli embassy, but none of them seem to have any vulnerabilities. Air Crack, WMI scanning, AD scanning are all useless if you don't have a VPN connection. I wasn't able to find anything that would allow a social media attack. I even tried some of the subdomains as potential interfaces for Hydra. Anybody have a hint?