Advanced Engineering Services

Active Directory Penetration Test

Active Directory Penetration Test

Secure Network’s Active Directory penetration test will determine what actions can be taken by a threat actor that has successfully gained user access to the internal domain. This test will assess and discover the most likely attack paths, to include any multi-chain or in-depth attack paths, that could be used by the attacker to move laterally and escalate privileges throughout the customer domain.

We apply a consistent and reproduceable approach that combines comprehensive identification and validation of risk-based vulnerabilities. This methodology ensures that both new and common threat actor Techniques, Tactics, and Procedures (TTPs) are applied to each test, identifying real world attack paths that could be exploited within mature organizations.

Planning Phase

During the Planning phase, SNT will collaborate with customer Point of Contacts (PoC) to discuss Scope, Rules of Engagement, and to outline what to expect during the Active Directory penetration test. Senior cyber security engineers will be involved with PoC planning meetings to detail engagement information and to answer any questions or concerns.

Reconnaissance Phase

The Reconnaissance phase will be the beginning of the Active Directory penetration test. With access to a Windows based workstation or server, SNT will perform multiple techniques to enumerate and map the customers Active Directory domain.

Exploitation Phase

The Exploitation phase will begin once the Reconnaissance phase has completed and indicated potential vulnerabilities with AD. These initial vulnerabilities are typically exposed due to misconfigurations or legacy requirements.

Post-Exploitation Phase

The Post-Exploitation phase continues the exploitation of the attack path to validate all discovered potential attack paths. In-depth analysis of Active Directory will occur in an attempt to exploit paths that an attacker would not likely exploit but are still relevant to the overall security posture of the customers AD environment.

Reporting Phase

The Reporting phase will occur after the conclusion of testing. Any attack paths or vulnerabilities that have been discovered will be disclosed. Mitigation techniques are included in details of findings, where applicable, to provide guidance and a starting point to reduce the overall risk to the customer environment.


SNT will deliver the final report to the customer along with detailed mappings of all attack paths discovered. The deliverables will also include any artifacts gathered during the attack, such as Active Directory enumeration output, ADsearch LDAP queries, etc.