Active Directory underpins the IT infrastructure of most organisations, which makes it a valuable target for attackers.
A lot of (targeted) ransomware attacks have leveraged AD, and I often get questions on how attackers are compromising an AD environment, so I thought it would be the right time to publish content about this topic, to help people better understand the different exploitation techniques that might be used to take advantage of insecure or default settings in AD.
Vitali Kremez gave a nice talk last year on how cyber crime groups are attacking AD for fun and profit, which inspired me to choose that title as well, but I wanted to focus more on the different exploitation techniques. Vitali's talk can be found here:
There are a lot of recommendations that organizations should follow to secure Active Directory, but sometimes it is better to know how it is done in practice, to have a better understanding of the risks behind a poor configuration.
I have published a PDF with the different exploitation techniques that can be used to attack Active Directory, with recommendations on how to secure it.
This can be found here: