`ad-attacks` (listed)
Install: `claude install-skill roodlicht/accans-sec-skills`
# AD Attack Paths
> **RoE-only and lab discipline**: AD attacks usually touch the highest-privilege layer of an organization. Version-specific ticket-extraction recipes, vendor-tool output, and ready-to-run DCSync commands for production are not in this skill; they belong in a closed engagement workspace. The skill contains class names, BloodHound edge types, ATT&CK T-IDs, and defensive counterparts. Lab work happens in a separate AD test domain.
## When to use
Active Directory is the identity foundation of most enterprise networks. Path analysis and privilege escalation within AD follow fairly predictable patterns documented extensively by SpecterOps, Microsoft, and others. This skill provides the structural lens.
Triggers on:
- A question like "triage BloodHound output", "Kerberoasting in scope", "delegation flaws in our AD", "ADCS attack paths", "Tier-0 design".
- A red-team / pentest engagement where internal AD is in scope and a first foothold has been gained (see `post-exploit` for broader methodology; this skill is the AD-specific deepening).
- A purple-team exercise around AD detection tuning.
- A defensive context where you run BloodHound on your own AD and want to close attack paths.
- A migration or ADCS design review tied to `iso27001` or `nis2` Tier-0 requirements.
### When NOT (handoff)
- Initial access into the network → `phishing-sim`, `web-exploit-triage`, `recon-agent`. This skill starts with an existing domain user or computer account.
- Broader post