Active Directory is the primary target of nearly every enterprise attack. Once an adversary has compromised AD, the game is largely over. Our AD Security service provides the building blocks to prevent that outcome.
Assessment scope
- Domain Controller hardening (CIS Benchmark)
- Tier model alignment (Tier 0/1/2 isolation)
- Privileged account inventory and reduction (PAM recommendations)
- Kerberoasting / AS-REP roasting attack surface
- Group Policy security analysis
- Attack-path analysis with BloodHound
- Detection of legacy protocol use (NTLMv1, SMBv1)
Hardening implementations
- Tiering model design and rollout
- LAPS (Local Admin Password Solution) deployment
- Protected Users group and Authentication Policies
- Microsoft Defender for Identity integration
Deliverables
- BloodHound attack-path visualizations
- Risk-rated findings report
- Step-by-step hardening roadmap
