VRT Category Suggestions - Active Directory (AD) #501

@binbashsu-bugcrowd

A comprehensive list of the new parent category, Active Directory (AD), to support Penetration Test engagements:

SCCM Abuse

Varies: Active Directory (AD) -> SCCM Abuse -> PXE Boot Media Theft
Varies: Active Directory (AD) -> SCCM Abuse -> Distribution Point Permits Anonymous Access
Varies: Active Directory (AD) -> SCCM Abuse -> Automatic Device Approval Enabled
Varies: Active Directory (AD) -> SCCM Abuse -> NTLM Relay From Management Point to Site Database
Varies: Active Directory (AD) -> SCCM Abuse -> NTLM Relay From Site Server To Site Systems
Varies: Active Directory (AD) -> SCCM Abuse -> NTLM Relay Via Automatic Client Push Installation
Varies: Active Directory (AD) -> SCCM Abuse -> Privileged Credentials Exposed In Task Sequences, Collection Variables or Network Access Account

Kerberos Abuse

P1: Active Directory (AD) -> Kerberos Abuse -> Domain Compromise via Unconstrained Delegation
P2: Active Directory (AD) -> Kerberos Abuse -> Insecure Service Account Management (Kerberoasting)
P2: Active Directory (AD) -> Kerberos Abuse -> User Does Not Require Pre-authentication (ASREPRoasting)

Active Directory Certificate Services (ADCS)

Varies: Active Directory (AD) -> Misconfigured Active Directory Certificate Services (ADCS)

Configuration Weaknesses

Varies: Active Directory (AD) -> Configuration Weaknesses -> Passwords Found within Domain User Account Description
P2: Active Directory (AD) -> Configuration Weaknesses -> Weak Domain Password Policy
P2: Active Directory (AD) -> Configuration Weaknesses -> Shared Administrator Passwords
P3: Active Directory (AD) -> Configuration Weaknesses -> Excessive Domain Admin Membership
P3: Active Directory (AD) -> Configuration Weaknesses -> Dormant/Inactive User Accounts Enabled in the Domain (> 90 days)

Sensitive Data Exposure

Varies: Active Directory (AD) -> Sensitive Data Exposure -> LDAP Anonymous Bind Enabled
Varies: Active Directory (AD) -> Sensitive Data Exposure -> Sensitive Data in Open File Shares

DACL Abuse

Varies: Active Directory (AD) -> DACL Abuse
