Active Directory Security Resources
Identity-first resources for defenders and buyers.
Start Here
What is an Active Directory Security Assessment?
Learn what an Active Directory security assessment covers, how it differs from standard penetration tests, and why identity-first testing matters for domain takeover prevention.
Internal Pentest vs Active Directory Security Assessment
Understand the differences between a standard internal penetration test and an identity-focused AD assessment, and when each approach makes sense.
Active Directory Security Hardening & Hygiene Checklist
This Active Directory security hardening and hygiene checklist covers the most common misconfigurations we see during internal penetration tests, giving you a practical way to reduce identity-driven attack chains and domain compromise risk across Active Directory.
How Attackers Become Domain Admin
Understand the common attack chains from initial access to domain compromise: privilege escalation, lateral movement, and credential theft.
ADCS ESC1 and ESC4 Explained
Understanding Active Directory Certificate Services vulnerabilities: ESC1 and ESC4 attack techniques, how they work, and how to prevent them.
Top Active Directory Misconfigurations
Common AD misconfigurations that create attack paths: weak delegation, permissive ACLs, trust abuse, and GPO issues.
AD Permissions and ACLs Explained
How Active Directory permissions and Access Control Lists work, common misconfigurations, and how to audit them effectively.
KRBTGT Rotation: Why It Matters
Understanding the KRBTGT account, why regular password rotation is critical, and how to perform it safely without breaking authentication.
GPO Misconfigurations and Risk
Common Group Policy Object misconfigurations that create security risks: overly broad scope, permissive permissions, and legacy policies.
SMB and LDAP Signing: Why It Matters
Why SMB and LDAP signing are critical for preventing relay attacks and man-in-the-middle attacks in Active Directory environments.
Technical Deep Dives
Top Active Directory Misconfigurations
Common AD misconfigurations that create attack paths: weak delegation, permissive ACLs, trust abuse, and GPO issues.
How Attackers Become Domain Admin
Understand the common attack chains from initial access to domain compromise: privilege escalation, lateral movement, and credential theft.
ADCS ESC1 and ESC4 Explained
Understanding Active Directory Certificate Services vulnerabilities: ESC1 and ESC4 attack techniques, how they work, and how to prevent them.
Hardening and Hygiene
Active Directory Security Hardening & Hygiene Checklist
This Active Directory security hardening and hygiene checklist covers the most common misconfigurations we see during internal penetration tests, giving you a practical way to reduce identity-driven attack chains and domain compromise risk across Active Directory.
AD Permissions and ACLs Explained
How Active Directory permissions and Access Control Lists work, common misconfigurations, and how to audit them effectively.
GPO Misconfigurations and Risk
Common Group Policy Object misconfigurations that create security risks: overly broad scope, permissive permissions, and legacy policies.
SMB and LDAP Signing: Why It Matters
Why SMB and LDAP signing are critical for preventing relay attacks and man-in-the-middle attacks in Active Directory environments.
KRBTGT Rotation: Why It Matters
Understanding the KRBTGT account, why regular password rotation is critical, and how to perform it safely without breaking authentication.
Featured Blog Posts
What is ms-DS-MachineAccountQuota and Why It Matters
Some of the biggest dangers in Active Directory are default settings that most organizations have never changed. One of the most quietly impactful is a setting called ms-DS-MachineAccountQuota.
How to Enforce SMB Signing in Active Directory (And Why It Matters)
Learn the risks of leaving SMB Signing disabled, how to check if it is enabled, and how to safely enforce it.
How to Enforce LDAP Signing in Active Directory (And Why It Matters)
LDAP signing is often overlooked but critical. Learn what it does, why it matters, and how to safely enforce it.
Active Directory Certificate Services: The Overlooked Weak Link (ESC1, ESC4, ESC8)
Misconfigured AD CS can turn a minor foothold into full domain compromise. Learn the most common abuse paths and how to fix them.
Active Directory Flaws That Still Break Security in 2025
The same AD issues continue to show up in real environments. See the most common flaws and how to address them before they are abused.
Why You Should Secure AD CS Against ESC1 (and How to Do It)
A misconfigured certificate template can lead to domain compromise in minutes. Learn how ESC1 works and how to shut it down.
When Active Directory Is in Scope, Don’t Handcuff the Pentest
Providing a low-privilege user is not cheating. It reflects real-world compromise and exposes true identity risk.
The Real-World Risk of Not Enforcing SMB Signing in Internal Networks
Unsigned SMB traffic is still heavily abused in internal attacks. Learn how this misconfiguration enables real attack paths.
Common Attack Chains Enabled by Missing LDAP Signing
Missing LDAP signing enables relay attacks and chained escalation paths. See how attackers use it in real environments.
When Permissions Break Security: Understanding ESC4 in Active Directory Certificate Services
Weak permissions on certificate templates allow attackers to modify them and escalate privileges in AD.
ESC8 in AD CS: NTLM Relay to Web Enrollment Leads to Domain Compromise
ESC8 abuses AD CS web enrollment with NTLM relay to impersonate systems and escalate to full domain compromise.
Who these guides are for
Defenders, architects, and buyers who need clear language on AD assessments, hygiene, and common attacker paths without vendor hype.
Questions we get often
- Where should I start if I am new to AD security reviews?
- How do AD assessments compare to internal penetration tests?
- When should we bring in outside testing versus internal scanning?
Need help validating this in your environment?
Our Active Directory security assessment identifies misconfigurations, privilege escalation paths, and attack chains in your environment.