A breakdown of the adversarial path from initial entry to Domain Controller (DC) compromise: the attack chain stage by stage, the specific techniques (the "types of attacks") used to advance along it, and where the prevalence of those techniques says defenses should be prioritized.
To answer the question "What does an attacker do to get to the DC?", we have to look at two linked concepts: Lateral Movement and Privilege Escalation. An attacker rarely lands directly on the Domain Controller. Instead, they land on a weak point (typically a user workstation) and "pivot" through the network, harvesting credentials from each host they reach and reusing them to log on to the next, until they hold an account with enough administrative power to take control of the DC. The stages below trace that journey and the specific actions taken at each one.
Before an attacker can get anywhere near the Domain Controller, they need a foothold. This usually comes from phishing (stolen credentials or a malicious attachment run by the victim) or from exploiting an unpatched vulnerability on a public-facing server. Once inside, they operate as a standard domain user: they can authenticate to the domain and talk to the DC like any other user, but they cannot take control of it, because they lack administrative privileges.
The "types of attacks" are the specific technical methods adversaries use to bridge the gap between a standard user and an administrator who can log on to the Domain Controller. They are grouped below by category.
Analyzing the prevalence of these techniques reveals where defenses should be prioritized. "Living off the Land" (using built-in administrative tools such as PowerShell and WMI rather than dropped malware) remains the primary method for moving toward the DC, because it blends into the remote-administration activity that already exists on most networks and leaves no foreign binary for endpoint controls to catch.
[Chart: prevalence of techniques on the path to the DC. Data source: synthetic aggregation of 2024 threat reports. Axis note: lower is faster/more dangerous.]
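As an added example (not part of the original page), the script below shows what the pivot chain described above looks like in telemetry and how a defender can recover it. It reads Windows Security log events (4624 successful logon, 4688 process creation), links network logons into host-to-host hops, reports any hop chain that starts on a workstation and ends on a Domain Controller, and annotates the chain with "living off the land" process launches on the hosts involved. The event records, host names (WS-042, FS01, DC01, BACKUP01), account names, the "WS-" workstation naming convention and the DC list are all constructed assumptions for the example, and the event dicts are a simplification of the real log fields.

```python
"""Reconstruct a workstation-to-DC lateral-movement chain from Windows Security events.

Added example, not code from the original page. The event records below are
constructed; the field names mirror Windows Security log events 4624
(successful logon: LogonType, source workstation) and 4688 (process creation),
but the dict layout is this example's own simplification.
"""
from collections import defaultdict

DOMAIN_CONTROLLERS = {"DC01"}                  # assumption: known DC hostnames
LOTL_BINARIES = {"powershell.exe", "wmic.exe", "psexec.exe", "rundll32.exe"}
NETWORK_LOGON_TYPES = {3, 10}                  # 3 = network, 10 = RemoteInteractive (RDP)


def is_workstation(host):
    """Assumption for this example: workstations follow a 'WS-' naming convention."""
    return host.upper().startswith("WS-")


# Constructed sample telemetry: a user is phished on WS-042, runs encoded
# PowerShell, reuses a harvested service account to reach FS01, then the DC.
# The BACKUP01 -> FS01 logon is benign noise that must not be flagged.
EVENTS = [
    {"ts": 100, "id": 4624, "host": "WS-042", "user": "jdoe", "type": 2, "src": "-"},
    {"ts": 110, "id": 4688, "host": "WS-042", "user": "jdoe",
     "proc": "powershell.exe", "cmd": "powershell.exe -nop -w hidden -enc SQBFAFgA"},
    {"ts": 120, "id": 4624, "host": "FS01", "user": "svc_backup", "type": 3, "src": "WS-042"},
    {"ts": 130, "id": 4688, "host": "FS01", "user": "svc_backup",
     "proc": "wmic.exe", "cmd": "wmic process call create cmd.exe"},
    {"ts": 140, "id": 4624, "host": "DC01", "user": "svc_backup", "type": 3, "src": "FS01"},
    {"ts": 150, "id": 4624, "host": "FS01", "user": "backupsvc2", "type": 3, "src": "BACKUP01"},
]


def build_hop_graph(events):
    """Directed edges source_host -> (dest_host, account, time) from network logons."""
    edges = defaultdict(list)
    for e in events:
        if e["id"] == 4624 and e["type"] in NETWORK_LOGON_TYPES and e["src"] != "-":
            edges[e["src"]].append((e["host"], e["user"], e["ts"]))
    return edges


def chains_to_dc(edges, window, max_hops=4):
    """Return hop chains [(src, dst, account, ts), ...] that start on a workstation,
    move strictly forward in time within `window` seconds, and end on a DC."""
    found = []

    def walk(path):
        current = path[-1][1]
        if current in DOMAIN_CONTROLLERS:
            found.append(list(path))
            return
        if len(path) >= max_hops:
            return
        visited = {p[0] for p in path} | {p[1] for p in path}
        for dst, user, ts in edges.get(current, []):
            if path[-1][3] < ts <= path[0][3] + window and dst not in visited:
                path.append((current, dst, user, ts))
                walk(path)
                path.pop()

    for src, hops in edges.items():
        if not is_workstation(src):
            continue
        for dst, user, ts in hops:
            walk([(src, dst, user, ts)])
    return found


def lotl_activity(events, hosts, start, end):
    """4688 launches of built-in admin tooling on the chain's hosts inside [start, end]."""
    return [e for e in events
            if e["id"] == 4688 and e["host"] in hosts
            and e["proc"].lower() in LOTL_BINARIES and start <= e["ts"] <= end]


def report(events, window=3600, lookback=600):
    """One finding per chain: hosts in order, accounts used, and LotL launches seen
    from `lookback` seconds before the first hop up to the DC logon. The third
    element of each LotL entry flags an encoded PowerShell command line."""
    findings = []
    for chain in chains_to_dc(build_hop_graph(events), window):
        hosts = {chain[0][0]} | {hop[1] for hop in chain}
        lotl = lotl_activity(events, hosts, chain[0][3] - lookback, chain[-1][3])
        findings.append({
            "path": [chain[0][0]] + [hop[1] for hop in chain],
            "accounts": sorted({hop[2] for hop in chain}),
            "lotl": [(e["host"], e["proc"], "-enc" in e["cmd"].lower()) for e in lotl],
        })
    return findings


if __name__ == "__main__":
    for f in report(EVENTS):
        print(" -> ".join(f["path"]), f["accounts"], f["lotl"])
```

On the constructed data this reports a single chain WS-042 -> FS01 -> DC01 under the svc_backup account, with the encoded PowerShell launch on the workstation and the WMI launch on the file server inside its time window; the server-to-server backup logon is ignored because it neither starts on a workstation nor precedes the DC logon. The time window is the key tuning knob: too wide and ordinary admin traffic chains together, too narrow and a patient attacker who waits between hops is missed.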