Outcome
An identity security report showing high-risk domain paths, evidence, business impact, and prioritized hardening steps.
Active Directory attack path analysis
Domain hardening before audit
Kerberos and credential exposure review
Privilege escalation path review
Privilege relationship and ACL risk mapping
Kerberoasting and AS-REP exposure validation
Group policy and domain configuration checks
BloodHound-based relationship analysis
Prioritized hardening guidance
Post-incident identity review
What you receive
- Active Directory assessment report
- Attack path diagrams where applicable
- High-risk account and privilege summary
- Domain hardening checklist
- Executive summary for IT leadership
Methodology
- MITRE ATT&CK for Enterprise
- BloodHound analysis
- PTES
- Microsoft hardening guidance
Scope
Active Directory domain, Windows hosts, domain controllers, Kerberos infrastructure, GPOs, ACLs, and trust relationships approved in writing.
Details
What to expect from this engagement
What is included?
A targeted Active Directory assessment for organizations that need to understand identity risk. I review domain enumeration output, privilege relationships, Kerberos attack exposure, credential risk, delegated permissions, group policy issues, lateral movement paths, and practical hardening opportunities. The final report translates technical attack paths into concrete remediation work.
Who is it for?
SMBs, enterprises, MSPs, and IT teams that rely on Windows domain infrastructure and need identity risk clarity.
What do you need to provide?
Written authorization, domain user account for assessment, network access to domain controllers, and clear testing boundaries.