Active Directory MindMap For Beginers:
graph TB; A[AD Security Assessment] --> B[Assume Breach]; A --> C[External Assessment]; B --> D[Domain Enumeration]; B --> E[Privilege Analysis]; B --> F[Attack Paths]; D --> D1[ACL Analysis]; D1 --> D1A[Bloodhound]; D1 --> D1B[PowerView]; D --> D2[Trust Relationships]; D2 --> D2A[Inter-realm trusts]; D2 --> D2B[Forest trusts]; D --> D3[Service Discovery]; D3 --> D3A[MSSQL]; D3 --> D3B[Exchange]; D3 --> D3C[ADFS]; E --> E1[Group Memberships]; E1 --> E1A[Nested Groups]; E1 --> E1B[Local Admins]; E --> E2[Service Accounts]; E2 --> E2A[Constrained Delegation]; E2 --> E2B[Unconstrained Delegation]; E --> E3[Shadow Admins]; E3 --> E3A[DCSync Rights]; E3 --> E3B[WriteDACL]; F --> F1[Tiered Access]; F1 --> F1A[Workstation to Server]; F1 --> F1B[Server to DC]; F --> F2[Lateral Movement]; F2 --> F2A[Pass-the-Hash]; F2 --> F2B[Pass-the-Ticket]; F --> F3[Certificate Abuse]; F3 --> F3A[ESC1-8]; F3 --> F3B[ADCS]; C --> G[External Recon]; C --> H[Initial Access Vectors]; C --> I[Post Compromise]; G --> G1[Domain Discovery]; G1 --> G1A[DNS Enumeration]; G1 --> G1B[Subdomain Scanning]; G --> G2[Service Enumeration]; G2 --> G2A[VPN Endpoints]; G2 --> G2B[Mail Servers]; G2 --> G2C[Web Applications]; G --> G3[OSINT]; G3 --> G3A[Email Formats]; G3 --> G3B[Employee Lists]; G3 --> G3C[Public Shares]; H --> H1[Perimeter Attacks]; H1 --> H1A[Password Spraying]; H1 --> H1B[VPN Exploitation]; H1 --> H1C[Phishing Campaign]; H --> H2[Service Targeting]; H2 --> H2A[Exchange]; H2A --> H2A1[ProxyLogon]; H2A --> H2A2[ProxyShell]; H2 --> H2B[RDP/VNC]; H2B --> H2B1[BlueKeep]; H2B --> H2B2[Default Creds]; H2 --> H2C[VPN]; H2C --> H2C1[Pulse Secure]; H2C --> H2C2[FortiGate]; I --> I1[Internal Recon]; I1 --> I1A[Network Segmentation]; I1 --> I1B[Trust Relationships]; I --> I2[Domain Join]; I2 --> I2A[LLMNR/NBTNS]; I2 --> I2B[IPv6 Attacks]; I --> I3[Privilege Escalation]; I3 --> I3A[Local to Domain]; I3 --> I3B[Domain to Enterprise];
