Welcome to STEALTHbits Attack Catalog

Browse our attack listings to learn what each attack means, how they work, and what you can do about them.

AdminSDHolder Modification Attack

AdminSDHolder Modification

DCShadow Attack

DCShadow

DCSync Attack

DCSync

Golden Ticket Attack

Golden Ticket

Kerberoasting Attack

Kerberoasting

LDAP Reconnaissance

LDAP Reconnaissance

NTDS.dit Password Extraction Attack

NTDS.dit Password Extraction

Pass-the-Hash Attack

Pass-the-Hash

Password Spraying Attack

Password Spraying

Plaintext Password Extraction – Group Policy Preferences Attack

Plaintext Password Extraction – Group Policy Preferences

Golden Ticket Attack

Silver Ticket

Attacks by Cyber Kill Chain Phase

Click on a phase to explore applicable attacks.

Discovery

Lateral Movement

Privilege Escalation

Persistence

About STEALTHbits’ Cyber Kill Chain Attack Catalog

Attacks against critical infrastructure like Active Directory and Windows operating systems are well documented, but often poorly communicated to or understood by the cybersecurity community as a whole.

STEALTHbits’ Cyber Kill Chain Attack Catalog was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise credentials and data.

Browse our attack matrix or search by attack kill chain phases to learn about each, how they work, and what you can do to mitigate, detect, or prevent them in your organization.