I perform Active Directory security assessments focused on the attack paths that matter most — the ones ransomware operators and APT actors use to escalate from a low-privilege domain user to Domain Admin.
Assessment scope, covered through BloodHound/SharpHound enumeration and manual analysis: Kerberoastable service accounts; AS-REP Roastable users (no pre-auth required); unconstrained and constrained delegation misconfigurations; ACL abuse paths (GenericAll, WriteDACL, GenericWrite on high-value targets); AdminSDHolder membership and SDProp abuse; excessive Domain Admin and built-in group membership; LAPS coverage gaps; weak Group Policy settings; password policy weaknesses; and DC configuration review.
Deliverables: AD security assessment report with attack path diagrams, BloodHound graph exports showing shortest paths to Domain Admin, severity-rated findings, and remediation steps prioritized by ease of exploitation and impact. For Premium engagements I provide an AD tiering model implementation guide.
Requires VPN or direct domain access, signed rules of engagement (RoE), and a starting-position credential. Works in production AD with non-destructive techniques, or in a lab environment.