Active Directory

Active Directory (AD) is the directory service that manages identities and access in most Windows enterprise networks. A typical engagement starts from a single low-privileged domain account and chains misconfigurations (readable secrets, permissive certificate templates, weak service-account passwords, stale objects) into domain-wide access.

This page collects the enumeration workflow and the most common privilege-escalation primitives, together with the tooling used to exploit them (ldapsearch, netexec/nxc, bloodhound-python, certipy, impacket, adidnsdump).