Red TeamActive DirectoryTTPs
From initial access to Domain Admin: anatomy of a breach
CyDefense
Most breaches don't rely on an exotic zero-day but on a chain of small misconfigurations. Here is the typical path our operators walk on a red team engagement.
1. The foothold
An exposed app, a reused credential, an unpatched service — initial access is rarely the hardest link.
2. Escalation and lateral movement
Kerberoasting, weak service-account passwords, misconfigured delegation: each is a road to a privileged account.
Breaking the chain
- Segment: limit lateral movement between hosts.
- Harden AD: tiering, service-account hygiene, Kerberos ticket monitoring.
- Detect: every technique leaves a trace — you just have to ingest and alert on it.
Our purple team then replays the scenario against your detections until every step raises an alert.