Enumeration involves active connections to systems and directed queries.
The type of information enumerated by intruders includes network resources and shares, users and groups and applications and banners.
Null sessions are used often by crackers to connect to target systems.
NetBIOS and SNMP enumerations can be disguised using tools such as snmputil, nat etc.
Zone transfers are used to retrieve information from windows networks. Often domain sensitive information may be retrieved which makes it easier for the cracker.
Tools such as user2sid, sid2user and userinfo can be used to identify vulnerable user accounts.