<aside> 🎯
Objective: Evaluate the organization's resilience against credential theft, exploitation, and lateral movement tactics used to gain domain admin or privileged access rights.
</aside>
Use this matrix to select the most appropriate attack vectors based on your objectives and environment:

| Attack Vector | Technical Complexity | Detection Risk | Value for Assessment | Best For |
|---|---|---|---|---|
| Kerberoasting | Medium | Low | High | Active Directory environments |
| Pass-the-Hash | Medium | Medium | Very High | Testing credential caching controls |
| Password Spraying | Low | Medium-High | High | Testing password policies |
| Token Impersonation | High | Medium | High | Testing advanced Windows security |
| Local Admin Exploitation | Medium | Medium | High | Testing endpoint security |
| Cached Credential Theft | Medium | Low | Medium | Testing endpoint hardening |
| Service Account Abuse | Medium | Medium | Very High | Testing privileged account management |

| Environment Type | Pros | Cons | When to Select |
|---|---|---|---|
| Production | Most realistic results | Highest risk | Only with extreme caution |
| Pre-Production/Staging | Good balance of realism | Moderate risk | For mature security programs |
| Test/Development | Lowest risk | Less realistic | Initial assessments |
| Isolated Lab Environment | Very controlled | Least realistic | New testing methodologies |

| Initial Access Level | Difficulty | Realism | Scenarios to Test |
|---|---|---|---|
| External (No Access) | High | Very High | Full kill chain from external attack |
| Authenticated User | Medium | High | Post-phishing scenario |
| Standard Workstation | Medium | High | Endpoint compromise scenario |
| Server Access | Low-Medium | Medium | Supply chain compromise |
| Cloud Resource Access | Medium | High | Compromised API credentials |