ATLSECCON 2025

Active Directory (AD) is a cornerstone of enterprise IT environments, providing critical services such as authentication, authorization, and identity management. However, its pervasive use also makes it a prime target for cyber attackers. This paper explores the evolving landscape of Active Directory cyber attacks, focusing on the methods and techniques used by threat actors to compromise AD environments. We will analyze case studies of recent high-profile breaches, highlighting the common vulnerabilities exploited and the tactics employed to escalate privileges, maintain persistence, and exfiltrate sensitive data. The discussion will include an examination of the tools and strategies used in these attacks, such as pass-the-hash, golden and silve ticket, kerberosting, DCSync, Golden SAML and Azure AD Token Theft attacks. We will also cover the latest defensive measures and best practices for securing Active Directory and Azure Active Director, including monitoring, detection, and incident response strategies. The aim is to provide IT professionals and cybersecurity practitioners with actionable insights to fortify their AD environments against sophisticated threats and ensure the integrity and security of their networks.