▸ Security Service
Active Directory Penetration Testing
We simulate real-world AD attack chains to expose the paths adversaries will take through your domain.
What We Test
Assessment Coverage
What We Typically Find
Common Findings
▸
Kerberoastable service accounts with weak passwords
▸
DACL/ACE misconfigurations allowing privilege escalation
▸
ADCS ESC1-ESC8 vulnerabilities on enterprise CAs
▸
Unconstrained delegation on servers
▸
GPO abuse paths to domain compromise
▸
LAPS bypass via readable password attributes
Our Process
Methodology
01
Reconnaissance
02
Enumeration (BloodHound)
03
Attack Path Analysis
04
Exploitation
05
Privilege Escalation
06
Domain Compromise
07
Reporting
Deliverables
What You Receive
- Executive summary for leadership
- Detailed technical findings with CVSS ratings
- Proof-of-concept demonstrations
- Step-by-step remediation guidance
- Prioritized action plan
- Debrief call with your engineering team
- Free retesting within 30 days
Engagement
How It Works
- Mutual NDA signed before scoping
- Scoping call to define targets
- Fixed-price proposal within 48 hours
- Active testing: 1-2 weeks
- Draft report within 5 business days
- Final report after client review
- Retesting included at no extra cost
Compliance
Frameworks Supported
SOC 2
ISO 27001
NIST
Reports can include compliance-specific evidence and mapping for your auditors.