Active Directory Attacks

Overview

Active Directory (AD) is the dominant identity and access management system in enterprise Windows environments. AD attacks exploit Kerberos authentication, trust relationships, access control lists, certificate services, and delegation features to escalate privileges and move laterally. Most AD attacks require domain credentials to start — even low-privileged domain user access opens significant attack surface.

Topics in This Section

• Kerberoasting
• AS-REP Roasting
• Pass the Hash
• Pass the Ticket
• Golden Ticket
• Silver Ticket
• DCSync
• Delegation Attacks
• Certificate Attacks (AD CS)
• ACL Abuse
• GPO Abuse
• Trust Attacks

General Approach

1. Enumerate — map users, groups, SPNs, delegation, ACLs, trusts (see enumeration/active-directory.md)
2. Collect BloodHound data — identify attack paths to Domain Admin
3. Target Kerberos — Kerberoast service accounts, AS-REP roast where possible
4. Abuse permissions — exploit ACL misconfigurations, delegation, GPO write access
5. Escalate to DA — DCSync, Golden Ticket, or certificate-based persistence