Bloodhound | Miguel Lameiro | Cybersecurity Blog & Security Writeups

Introduction Active Directory exploitation is the phase where raw enumeration data becomes actual control over users, hosts, and eventually the domain itself. By this point, the tester is no longer just collecting names, groups, and services, but turning those relationships into passwords, tickets, shells, replication rights, and privileged access. The important shift is strategic: instead of asking “what exists,” the question becomes “which path gives the highest-value access with the least effort and the lowest operational cost.” ...