Active Directory Security: Attack Paths, Golden Tickets & How Hackers Hunt The Crown Jewel
Season 1
Published 6 months, 1 week ago
Description
Active Directory security, attack paths, credential hygiene and identity hardening – this episode is for people searching “Active Directory security best practices”, “AD attack paths”, “domain admin blast radius”, “Kerberos abuse”, “golden ticket attack” or “AD CS / PKI hardening” and wanting a concrete, modern defensive playbook. We treat Active Directory as the crown jewel that attackers hunt: if they own AD, they own your organization, which is why paths like DCSync, pass‑the‑hash, lateral movement and privilege escalation via service accounts are so heavily targeted.
We walk through how misconfigured certificate templates in AD CS, weak admin tiering, and poor credential hygiene quietly create ESC1–ESC8‑style paths straight to domain dominance. You’ll hear how attackers chain small misconfigurations (service accounts, PKI, Kerberos, LSASS, delegation) into a full compromise, and how techniques like golden tickets or DCSync are often just the final step of a long‑standing blast radius problem around domain admins and privileged groups.
Then we move into defense and hardening. We explain how to map and reduce attack paths, shrink domain admin blast radius, improve credential hygiene, protect LSASS, harden AD CS and PKI, and use tiering models effectively instead of just drawing them on a slide. The goal is to give you a realistic, prioritized roadmap: which fixes reduce the most risk fastest, where to start if everything feels on fire, and how to communicate these identity security issues to stakeholders who don’t live in Kerberos every day.
WHAT YOU WILL LEARN
- Why Active Directory is the crown jewel and prime target for attackers.
- How attack paths form through misconfigurations, weak tiering and poor credential hygiene.
- What techniques like DCSync, golden tickets and pass‑the‑hash actually enable in practice.
- How AD CS, PKI and vulnerable certificate templates (ESC1–ESC8) open privilege escalation paths.
- How to reduce domain admin blast radius and harden privileged access.
- Practical steps to protect LSASS, service accounts and Kerberos from common abuse patterns.
- How to use admin tiering models in a way that actually changes attacker options.
- A pragmatic starting roadmap for AD hardening even in messy, legacy environments.
The core insight of this episode is that most organizations don’t lose Active Directory in one dramatic event – they lose it through years of small ide