Attackers don't hack in. They log in — via your AD.
We assess your Active Directory and Entra ID tenants against real adversary tradecraft: Kerberoasting, ACL abuse, tiering violations, GPO misconfig, and hybrid identity boundary gaps.
Fixed pricing in USD · NDA before scoping · Senior engineers only
Everything you get with Active Directory Security Assessment.
AD & Entra ID configuration review
Trusts, forests, tiering, ACLs, GPOs, privileged group memberships.
Attack-path mapping (BloodHound-driven)
Every path from a low-priv user to Domain Admin, visualized and prioritized.
Kerberos & authentication review
Kerberoastable accounts, AS-REP roasting, delegation abuse, certificate services (AD CS) misconfig.
Hybrid identity boundary review
AAD Connect, seamless SSO, cross-tenant guest access.
Tiering & privileged access remediation plan
Prioritized backlog to reach a defensible tier-0 / tier-1 / tier-2 model.
How the engagement runs.
Access & Enumeration
Standard-user credentials + read-only enumeration. No detonations without approval.
Attack-Path Analysis
BloodHound + manual review to enumerate every path to privilege and validate the critical ones.
Report + Prioritized Remediation Plan
Every finding with a fix, ranked by attack-path criticality.
What lands in your inbox.
- BloodHound attack-path diagrams
- Prioritized findings (with tier-0 impact analysis)
- GPO, ACL, and AD CS review
- Hybrid identity boundary assessment
- Tiering remediation roadmap
Related Offensive Security services
Pentest-as-a-Service (PTaaS)
Continuous pentesting on a subscription — always audit-ready.
Learn moreCloud Security & Configuration Review
AWS, Azure, and GCP configuration review by senior cloud engineers.
Learn moreRed Team Operations
Goal-based adversary simulation — full-scope, no rules-of-engagement theater.
Learn more