Active Directory kill chain
What is Active Directory? In plain words, it is a hierarchically structured store of information about objects (users, computers, groups, and so on). One of its main benefits is that it allows centralized management and authentication. Now, let us briefly discuss what the Cyber Kill Chain is. This framework was developed by Lockheed Martin and has a military background. It is a concept that describes the structure of an attack as a sequence of stages. We can adapt Cyber Kill Chain concepts to Active Directory, as in the diagram from infosecn1nja on GitHub[5]. It has several steps, but it always follows the same cycle – recon, compromise, lateral movement – repeated each time with more privileged access:
Figure 1.4 – Active Directory kill chain
The focus of this book is Windows-based infrastructure and its services only, so themes such as local privilege escalation on the host, initial access, and external recon are out of the scope of this book. I will briefly explain...