On-prem AD · Entra ID · Hybrid

Attackers don't hack in. They log in — via your AD.

We assess your Active Directory and Entra ID tenants against real adversary tradecraft: Kerberoasting, ACL abuse, tiering violations, GPO misconfig, and hybrid identity boundary gaps.

Fixed pricing in USD · NDA before scoping · Senior engineers only

What's Included

Everything you get with Active Directory Security Assessment.

AD & Entra ID configuration review

Trusts, forests, tiering, ACLs, GPOs, privileged group memberships.

Attack-path mapping (BloodHound-driven)

Every path from a low-priv user to Domain Admin, visualized and prioritized.

Kerberos & authentication review

Kerberoastable accounts, AS-REP roasting, delegation abuse, certificate services (AD CS) misconfig.

Hybrid identity boundary review

AAD Connect, seamless SSO, cross-tenant guest access.

Tiering & privileged access remediation plan

Prioritized backlog to reach a defensible tier-0 / tier-1 / tier-2 model.

Our Process

How the engagement runs.

01

Access & Enumeration

Standard-user credentials + read-only enumeration. No detonations without approval.

02

Attack-Path Analysis

BloodHound + manual review to enumerate every path to privilege and validate the critical ones.

03

Report + Prioritized Remediation Plan

Every finding with a fix, ranked by attack-path criticality.

Deliverables

What lands in your inbox.

  • BloodHound attack-path diagrams
  • Prioritized findings (with tier-0 impact analysis)
  • GPO, ACL, and AD CS review
  • Hybrid identity boundary assessment
  • Tiering remediation roadmap

Ready to see every path an attacker has to Domain Admin?

  • Senior engineers (OSCP, OSCE, CEH) — no juniors
  • Fixed-fee USD quote in 24 hours
  • NDA before scoping
  • Direct Slack/WhatsApp line to your lead engineer