Active Directory Enumeration

Introduction: Active Directory enumeration is the process of building a usable map of a Windows enterprise environment so later privilege escalation and lateral movement are based on facts instead of guesses. In a real engagement, the goal is rarely “list everything” for its own sake. The real goal is to identify valid users, critical hosts, trust relationships, weak controls, exposed services, and data that can be turned into access, escalation, or persistence. ...

April 19, 2026 · 13 min · Miguel Lameiro (lameiro0x)

Active Directory Exploitation

Introduction: Active Directory exploitation is the phase where raw enumeration data becomes actual control over users, hosts, and eventually the domain itself. By this point, the tester is no longer just collecting names, groups, and services, but turning those relationships into passwords, tickets, shells, replication rights, and privileged access. The important shift is strategic: instead of asking “what exists,” the question becomes “which path gives the highest-value access with the least effort and the lowest operational cost.” ...

April 25, 2026 · 15 min · Miguel Lameiro (lameiro0x)