Stealthbits Cyber Kill Chain Attack Catalog: Active Directory Attacks and More

Cyber Attack Reference Guide for Security Practitioners

For over a year now, we’ve been documenting all the most common and clever techniques attackers have developed to compromise Active Directory credentials on their way to complete domain dominance. Frustratingly, but not surprisingly, both the number of attack methods to choose from and the prevalence of attacks have only risen over the past 12 months, which got us thinking…

How – besides continuing to provide cutting-edge solutions for credential and data security – can we here at Stealthbits help our customers understand and articulate the nature and severity of these attacks to their business stakeholders, as well as craft a sound strategy for what to do about them?

We can all agree that attacks against critical infrastructure like Active Directory and Windows operating systems have been well documented over the years, but perhaps haven’t always been communicated clearly to or understood by the cybersecurity community as a whole.  As a Security Practitioner with so many different attack vectors to worry about these days, who’s got the time to be an expert on anything, let alone everything?

Your Guide for Active Directory Attacks and More

To bridge the gap, we built the Stealthbits Cyber Kill Chain Attack Catalog. Designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise credentials and data, we want this site to be your go-to resource for quickly and easily wrapping your head around otherwise complex concepts aligning to cyber-attacks.

In this initial launch, we’ve documented ten (10) threats to get you started.  Not only have we broken down each attack into simple descriptions and steps, but we’ve also provided guidance on what you can do about them and included links to other great sources of information to help guide you to the best resources out there.

Top 10 Active Directory Threats

AdminSDHolder Modification



Golden Ticket


LDAP Reconnaissance

Ntds.dit Password Extraction



Password Spraying

Plaintext Password Extraction through Group Policy Preferences

Check out the new attack site here or visit





© 2022 Stealthbits Technologies, Inc.
