Try now

The World's #1 Cyber Security Risk - Active Directory Privilege Escalation

Active Directory Privilege Escalation threatens organizational cyber security worldwide and poses a clear and present danger to 85% of organizations.

Active Directory is the foundation of cyber security and privileged access at 85% of organizations worldwide, and today, within every organization's Active Directory deployment lie thousands of privilege escalation paths to privileged access.

Active Directory Privilege Escalation based on the identification and exploitation of an ocean of excessive access that exists inside access control lists in Active Directory deployments worldwide, remains the world's #1 cyber security risk.

What is Active Directory Privilege Escalation


Within thousands of Active Directory deployments worldwide, lie hundreds of millions of domain user accounts (including those of privileged users), computer accounts and security groups, each protected by an AD access control list (ACL).

Within these Active Directory ACLs lie permissions that allow or deny access to various users and groups, and together millions of such permissions collectively and effectively determine who actually has access to what on each object in Active Directory.

To attain and maintain least privileged access in Active Directory, organizations require the fundamental ability to accurately and adequately audit effective permissions in Active Directory.

Astonishingly, Active Directory lacks this fundamental ability, and as a result organizations worldwide have no idea who actually has what privileged access in their Active Directory.

Consequently, organizations have been provisioning access in Active Directory for years, without any insight, resulting in an ocean of excessive access that has paved billions of privilege escalation paths that can be easily identified by anyone with a domain account, and exploited to inflict colossal damage.

Executive Summary

Active Directory Privilege Escalation

Active Directory
Privilege Escalation

(Click the image above to download PDF)

World's Top Cyber Security Risk

The World's #1 Cyber Security Risk

Active Directory Privilege Escalation remains the world's #1 cyber security risk because it clearly and directly threatens the foundational security of over 85% of organizations worldwide.

Specifically, it can be easily exploited to compromise the security of virtually everything in Active Directory, including all-powerful Active Directory privileged user accounts and security groups.

Should someone be able to compromise even a single Active Directory privileged user account of security group, he/she could instantly gain complete control over the entire Active Directory.

Since it can be used to easily gain complete command and control of 85% of organizations worldwide, it poses a clear and present danger, and remains the world's #1 cyber security risk.

Just One.

Privileged Access Keys

100% of all major recent cyber security breaches involved the compromise of just one Active Directory privileged user account.

Ten Examples

Anyone who could escalate privilege in Active Directory to be able to enact any one of the following tasks could
instantly and substantially compromise the entire organization, resulting in a massive cyber security breach -

  • Run Mimikatz DCSync against an Active Directory domain
  • Change the membership of the Domain Admins security group
  • Reset the password of any privileged user /C*O in Active Directory
  • Change the permissions specified in the AdminSDHolder object's ACL
  • Create a new inbound trust relationship or modify any existing trust relationship
  • Link a malicious GPO to instantly take over any or every administrative workstation
  • Modify the Active Directory Schema to make crippling irreversible changes to Active Directory
  • Change administrative control in Active Directory to instantly obtain access to all organizational IT resources
  • Launch a denial-of-service attack against any Active Directory integrated application/service (e.g. Azure Connect)
  • Link a malicious GPO to any OU to instantly gain command and control over thousands of domain-joined computers

Organizations that do not know exactly who is delegated what administrative access in their foundational Active Directory
are vulnerable to Active Directory Privilege Escalation today, and could potentially be compromised within minutes.

A Simple Paramount Question

An Unknown Number of Privileged Users

How many privilege escalation paths does an attacker need to compromise Active Directory?

Golden words are not repeated

Just One

One privilege escalation path to an AD privileged user/group, is all a perpetrator needs to compromise Active Directory.

Once Active Directory is compromised, the perpetrator has command and control over the entire IT infrastructure.

From that point on, the extent of damage that the perpetrator could inflict, is limited only by proficiency and objective.

(Need one say more?)

This cyber security risk is 100% mitigatable.

Privileged Access Keys

The key to mitigating this risk lies in a simple, fundamental Active Directory security capability.

Active Directory Privilege Escalation Mitigation

100% Mitigatable

The risk posed by Active Directory Privilege Escalation to organizational cyber security worldwide is 100% mitigatable.

To mitigate this risk, organizations just need to accurately audit and then lockdown privileged access in Active Directory, which fundamentally involves and requires accurately determining effective permissions in and across Active Directory.

From that point on, they can easily maintain least privileged access in Active Directory, completely eliminating this risk.

Subsequently, even if thousands of perpetrators were to query a locked-down Active Directory domain to analyze Active Directory permissions, they will likely not be able to find a single exploitable privilege escalation path in Active Directory.

Cardinally, the key to mitigating this risk lies in possessing the capability to accurately determine "who has what effective permissions in Active Directory", which is not the same as "who has what permissions in Active Directory."

Our Global Customers

  • Australian Government
  • United States Treasury
  • British Government
  • Government of Canada
  • British Petroleum
  • Ernst and Young
  • Saudi Arabian Monetary Agency
  • Juniper Networks
  • U.S. Department of Defense
  • Microsoft Corporation
  • United Nations
  • Quantium
  • Nestle
  • IBM Corporation
  • U.S. Federal Aviation Administration
  • Columbia University

Your Privacy

We use cookies to provide you the best online experience. Please let us know if you accept these cookies.