2026-05

Active Directory

Silver Ticket Attacks: Forging Kerberos Service Tickets

How attackers forge Kerberos TGS service tickets using a service account hash, and how blue teams detect and prevent it.
Active Directory

Abusing Unconstrained Delegation: From Printer Bug to Domain Compromise

How attackers abuse Kerberos Unconstrained Delegation to capture TGTs and pivot to Domain Admin, plus blue-team defenses.
Active Directory

Abusing Kerberos Constrained Delegation: S4U2Self and S4U2Proxy

A practical walkthrough of abusing Kerberos Constrained Delegation via S4U2Self and S4U2Proxy to impersonate privileged users.
Active Directory

Resource-Based Constrained Delegation (RBCD) Attack: From a Single Computer Account to Domain Compromise

A practical walkthrough of the Resource-Based Constrained Delegation attack, abusing msDS-AllowedToActOnBehalfOfOtherIdentity for privilege escalation.
Active Directory

ADCS Attacks: A Practical Overview of ESC1 Through ESC8

A field guide to Active Directory Certificate Services attacks ESC1-ESC8, with Certipy commands and blue-team defenses.
Active Directory

Introduction to Attack Path Analysis with BloodHound

Learn how to collect AD data with SharpHound and use BloodHound, Neo4j, and Cypher to find the shortest path to Domain Admins.
Active Directory

LDAP Enumeration Techniques: ldapsearch and windapsearch

A practical guide to enumerating Active Directory over LDAP with ldapsearch, windapsearch, and bloodyAD, plus blue-team defenses.
Active Directory

SMB Enumeration and Null Session Exploitation

A practical guide to enumerating SMB and abusing null sessions with enum4linux-ng, smbclient, rpcclient, and RID cycling.
Active Directory

Inside Kerberos: A Deep Dive into the Protocol Internals

A practical breakdown of Kerberos internals: AS-REQ, TGS-REQ, the PAC, and why RC4 vs AES etypes matter for attackers and defenders.
Active Directory

Abusing Group Policy Objects for Privilege Escalation and Lateral Movement

How attackers weaponize editable Group Policy Objects with SharpGPOAbuse and GPP cpassword, plus blue-team detection and hardening.
Active Directory

Abusing Active Directory DACLs: GenericAll, WriteDACL, and the Path to Domain Compromise

How attackers abuse GenericAll and WriteDACL ACEs in Active Directory, and how blue teams detect and prevent it.
Active Directory

Shadow Credentials: Abusing msDS-KeyCredentialLink for AD Persistence and Privilege Escalation

Abuse msDS-KeyCredentialLink to forge Key Trust certificates, authenticate via PKINIT, and recover NTLM hashes.
Active Directory

Password Spraying Active Directory Without Tripping Lockouts

A practical, lockout-aware guide to password spraying Active Directory with kerbrute, plus detection and defense.
Active Directory

PetitPotam and Coercion Attacks: Forcing Authentication and Relaying to AD CS

How PetitPotam coerces machine authentication via MS-EFSRPC and relays it to AD CS for domain compromise — with detection and defense.
Security

Abusing Windows Token Privileges: The Potato Attack Family

How service accounts with SeImpersonatePrivilege escalate to SYSTEM via JuicyPotato, PrintSpoofer, and RoguePotato, plus blue-team defenses.