Top Active Directory Misconfigurations Exploited in the Wild
The Keys to the Kingdom
Active Directory (AD) is the identity backbone of roughly 90% of enterprise environments. If a red teamer or threat actor gains control of AD, they effectively control every domain-joined system and every identity on the network: Domain Admin rights let them push code to any host, read any credential, and forge any ticket.
Many AD environments have been running for decades and have accumulated technical debt in the form of excessive permissions (stale group memberships, over-delegated OUs) and legacy protocols (NTLM fallback, RC4 Kerberos, broadcast name resolution). The attacks below are not zero-days; they abuse that debt, which is why they keep working.
Common Attack Vectors
| Attack | Description | Mitigation |
|---|---|---|
| Kerberoasting | Any authenticated domain user can request a TGS ticket for any account that has a Service Principal Name (SPN). The ticket is encrypted with that account's password-derived key, so it can be cracked offline, and RC4 (etype 0x17) tickets crack fastest. | Run services under group Managed Service Accounts (gMSA) or give service accounts random passwords of 25+ characters; restrict them to AES via `msDS-SupportedEncryptionTypes`; alert on bursts of Event ID 4769 with Ticket Encryption Type 0x17. |
| AS-REP Roasting | Accounts with "Do not require Kerberos preauthentication" (`DONT_REQ_PREAUTH`, `userAccountControl` bit 0x400000) hand out an AS-REP whose encrypted part is keyed with the user's password to anyone who asks, no credentials needed; the attacker only needs a username list. | Clear the flag on every account (it is almost never required by modern clients) and audit for it regularly; watch Event ID 4768 with Pre-Authentication Type 0. |
| LLMNR/NBT-NS Poisoning | When DNS cannot resolve a name (a typo, a stale mapped drive), Windows falls back to LLMNR multicast and NBT-NS broadcast. Any host on the segment can answer first, and the victim then authenticates to it, exposing Net-NTLMv2 challenge-responses for offline cracking or live relay. | Disable LLMNR via Group Policy ("Turn off multicast name resolution") and disable NetBIOS over TCP/IP on every adapter (registry, DHCP scope option, or startup script; there is no single GPO setting for NBT-NS). Enforce SMB and LDAP signing so captured authentication cannot be relayed. |
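The three rows above are all things a defender can enumerate in a few minutes. The following script is an added example, not code from the original post: it lists the Kerberoastable user accounts (SPN set, with their password age and whether AES is allowed), the accounts exposed to AS-REP Roasting, and whether the local host still answers LLMNR and NBT-NS. It assumes the RSAT ActiveDirectory module on a domain-joined host and a caller who can read user objects; the `-Remediate` switch, which clears `DONT_REQ_PREAUTH` and disables NBT-NS locally, is this example's own addition and needs write access.

```powershell
#Requires -Modules ActiveDirectory
# Added audit example for the three attacks in the table (not from the original post).
# Assumptions: domain-joined host, RSAT ActiveDirectory module installed, caller can
# read user objects; -Remediate (hypothetical switch) additionally needs write access.
[CmdletBinding()]
param(
    [switch]$Remediate   # clear DONT_REQ_PREAUTH on exposed accounts and disable NBT-NS locally
)

Import-Module ActiveDirectory

# --- 1. Kerberoasting exposure: enabled user accounts that carry an SPN --------------
# Any authenticated user can request a TGS for these. krbtgt is excluded: its SPN is
# normal and its key is rotated by a separate procedure.
$spnAccounts = Get-ADUser -Filter 'ServicePrincipalName -like "*" -and Enabled -eq $true' `
    -Properties ServicePrincipalName, PasswordLastSet, 'msDS-SupportedEncryptionTypes', AdminCount |
    Where-Object { $_.SamAccountName -ne 'krbtgt' }

$kerberoastFindings = foreach ($u in $spnAccounts) {
    $enc = $u.'msDS-SupportedEncryptionTypes'
    # 0x08 = AES128, 0x10 = AES256. Unset (or RC4-only) means the KDC will issue RC4 tickets.
    $aes = ($null -ne $enc) -and (($enc -band 0x18) -ne 0)
    $age = if ($u.PasswordLastSet) { (New-TimeSpan -Start $u.PasswordLastSet).Days } else { $null }
    $priv = ($u.AdminCount -eq 1)
    [pscustomobject]@{
        Account         = $u.SamAccountName
        SPNs            = ($u.ServicePrincipalName -join ';')
        PasswordAgeDays = $age
        AESEnabled      = $aes
        Privileged      = $priv
        # Privileged + RC4 is the jackpot case; old password or RC4 alone is still worth fixing.
        Risk            = if ($priv -and -not $aes) { 'High' }
                          elseif (-not $aes -or $age -gt 365) { 'Medium' }
                          else { 'Low' }
    }
}

# --- 2. AS-REP Roasting exposure: pre-authentication disabled ------------------------
# Equivalent raw LDAP filter: (userAccountControl:1.2.840.113556.1.4.803:=4194304)
$noPreauth = @(Get-ADUser -Filter 'DoesNotRequirePreAuth -eq $true -and Enabled -eq $true')

if ($Remediate) {
    foreach ($u in $noPreauth) {
        # Turning pre-auth back on does not break modern Kerberos clients.
        Set-ADAccountControl -Identity $u -DoesNotRequirePreAuth $false
        Write-Verbose "Cleared DONT_REQ_PREAUTH on $($u.SamAccountName)"
    }
}

# --- 3. LLMNR / NBT-NS state on this host -------------------------------------------
# The GPO "Turn off multicast name resolution" writes EnableMulticast = 0 here.
$llmnr = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient' `
    -Name EnableMulticast -ErrorAction SilentlyContinue
$llmnrDisabled = ($null -ne $llmnr) -and ($llmnr.EnableMulticast -eq 0)

# NBT-NS is per adapter: NetbiosOptions 2 = disabled, 1 = enabled, 0 = follow DHCP.
$nbtAdapters = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces' |
    Where-Object { (Get-ItemProperty -Path $_.PSPath).NetbiosOptions -ne 2 }

if ($Remediate) {
    foreach ($a in $nbtAdapters) {
        Set-ItemProperty -Path $a.PSPath -Name NetbiosOptions -Value 2
        Write-Verbose "Disabled NBT-NS on $($a.PSChildName)"
    }
}

# --- Report --------------------------------------------------------------------------
$riskOrder = @{ High = 0; Medium = 1; Low = 2 }
$kerberoastFindings | Sort-Object { $riskOrder[$_.Risk] } | Format-Table -AutoSize
"{0} enabled account(s) without Kerberos pre-authentication: {1}" -f `
    $noPreauth.Count, (($noPreauth.SamAccountName) -join ', ')
"LLMNR disabled by policy on this host: $llmnrDisabled"
"Adapters still answering NBT-NS: $(@($nbtAdapters).Count)"
```

Run it read-only first and feed the `High` rows into a password rotation or gMSA migration; only then run with `-Remediate`. The host-local LLMNR/NBT-NS checks only tell you about the machine you run it on, so push the same two registry settings through Group Policy and confirm with a compliance scan rather than trusting one sample.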
Tools of the Trade
Attackers heavily leverage tools like BloodHound to map AD relationships (group membership, local admin rights, active sessions, ACLs, trusts) as a graph and find short, often unintended attack paths from a compromised low-privilege user to Domain Admin.
Tip: Blue Teams can (and should) use BloodHound too. Run the same collection defensively, look at the shortest paths to Tier 0 assets, and remove the edges (a stray GenericAll on a group, an admin logged on to a workstation) before an attacker walks them.
Check out Wikipedia’s Active Directory page for more background.
This post is licensed under CC BY 4.0 by the author.
