•  
  • Feature-specific Configuration
  • Attack Surface Analyzer
  • For Active Directory
Click here to shrink
Click here to expand Click here to expand

Attack Surface Analyzer for AD

The Attack Surface Analyzer for AD is equipped with over 25 exclusive reports that help you spot various AD attacks. All AD domains configured for auditing in ADAudit Plus are automatically added for attack surface analysis.

The different attacks that you can detect using ADAudit Plus' Attack Surface Analyzer for on-premises AD are listed below:

  • Pass the ticket
  • Pass the hash
  • DCShadow
  • DCSync
  • AdminSDHolder ACL tampering
  • RID hijacking
  • AS-REP roasting
  • Kerberoasting
  • Recent use of default admin
  • Shadow admin
  • Primary Group ID
  • Golden Ticket
  • Silver Ticket
  • Security log killer
  • PowerShell script block logging
  • Constrained delegation
  • Unconstrained delegation
  • Password extraction
  • Password spray
  • Reversible password encryption
  • Plaintext password in GPO
  • Brute-force password detection
  • Brute-force username detection
  • DSRM password change
  • DNS admin escalation
  • Suspicious process
  • Remote thread
  • Ransomware attack

To access the Attack Surface Analyzer for AD:

  1. Log in to the ADAudit Plus web console.
  2. Navigate to the Active Directory tab > Attack Surface Analyzer.

    3. General Settings under the Admin tab

Don't see what you're looking for?

  •  

    Visit our community

    Post your questions in the forum.

     
  •  

    Request additional resources

    Send us your requirements.

     
  •  

    Need implementation assistance?

    Try OnboardPro

     

Copyright © 2025, ZOHO Corp. All Rights Reserved.

Get download link