Skip to main content
QuantLab Logo
Financial Services2025

Active Directory Penetration Test

A full-scope internal assessment ahead of a compliance audit. Reconnaissance, credential attacks, ADCS abuse, lateral movement, and a documented path to Domain Admin — with an executive-ready remediation roadmap at the end.

Client: Regional financial services firm
Full attack chain demonstrated to Domain Admin
Every finding mapped to MITRE ATT&CK
Prioritized remediation roadmap delivered
Compliance audit passed on first attempt

The Challenge

The client had a compliance audit coming up and wanted more than a vulnerability scan. They wanted to know what a real attacker would actually do inside their network — not a list of unpatched CVEs, but a walkthrough of how a compromised workstation becomes Domain Admin. Their internal security team was thin, and previous assessments had been shallow.

Our Approach

We ran the engagement end-to-end with our own red team toolkit — eleven attack modules covering reconnaissance, credential spraying, Kerberoasting, ADCS certificate abuse, lateral movement, and C2 infrastructure. Every finding was mapped to a MITRE ATT&CK technique. We documented the full attack chain from initial foothold through privilege escalation, with screenshots, timestamps, and the specific misconfigurations that made each step possible. The final deliverable was two documents: a technical report for their security team, and an executive summary with a prioritized remediation roadmap for leadership.

Tech Stack

Custom red team toolkit (11 modules)MITRE ATT&CK mappingActive Directory exploitationADCS abuseKerberoastingC2 infrastructure

The Outcome

Full attack chain from a standard user credential to Domain Admin demonstrated and documented. Remediation roadmap prioritized by exploitability rather than CVSS score, so the security team knew what to fix first. The compliance audit passed on the first attempt. The client has since engaged us for follow-up testing on a six-month cadence.

Like to know more about this project? Talk to William.

Have a similar problem? Let's talk.

Tell us what you're dealing with. We'll be honest about whether we can help.

More Case Studies

Financial Services·2025

Multi-Strategy Trading System Deployment

A multi-strategy trading system running MA Supertrend and VWAP in parallel, with real-time feeds, hard risk controls, and 24/7 uptime. Built to trade real money, not to look good in a backtest.

Read case study
Construction·2026

How Northcrest Fence & Gate Cut Proposal Turnaround From Days to Minutes With a Custom Sales Platform

A unified Next.js 16 sales platform — public marketing site, mobile-first estimate capture, automated PDF proposals, and an admin portal — built so estimators can quote from the truck and homeowners get a branded proposal before the next contractor even calls back.

Read case study