// Wiki

Browse the WYZSec field notes

Search, filter, and sort the full guide library.

Showing 9 of 170 guides

Active Directory Attack Paths — ACL Abuse, Delegation, and Trust Attacks

Active Directory is the identity layer of the enterprise, and its permission model is complex enough to create accidental privilege escalation paths. ACL abuse exploits granular AD permissions like GenericAll, WriteOwner, and ForceChangePassword. Delegation attacks abuse Kerberos constrained/unconstrained delegation. Trust attacks cross domain and forest boundaries. Tools like BloodHound map these paths — attackers use them daily.

Active Directory Compromise Response

An Active Directory compromise is the highest-impact incident a SOC can face. This playbook covers detection and response for the four most common AD attack patterns: golden ticket (forged Kerberos TGT), DCSync (replicated AD database), Kerberoasting (cracked service account password), and ACL abuse (privilege escalation via AD permissions). Includes the krbtgt password reset procedure — the emergency recovery step when domain trust is lost.