A fixed-price, fixed-scope engagement, delivered by a CREST-Accredited Offensive Security Team, tests for exploitable Active Directory drift that could give attackers a path to domain control.
STOCKHOLM, Sweden – June 12, 2026 – Specops, an Outpost24 company and a specialist in identity and access security, today announced the launch of the AD Security Assessment. The fixed-price, fixed-scope engagement shows organizations how an attacker would turn a single foothold inside Active Directory into full domain control.
Active Directory is the identity backbone of most enterprises, and in many organizations it has evolved over years of policy changes, new users, legacy groups, delegated privileges, and one-off exceptions. This Active Directory drift can create hidden access risk that is rarely tested the way an adversary would. Security leaders know it is critical, yet often lack the time, budget or visibility to validate where that drift could lead.
The Scattered Spider-linked attacks against UK retailers, including Marks & Spencer, Co-op and Harrods, put identity-based attacks at the top of the security agenda. The help desk social engineering playbook associated with the group continues to pose a live risk across the wider threat landscape. But social engineering is only one way in.
The Verizon 2026 Data Breach Investigations Report ranks vulnerability exploitation as the top initial-access vector, ahead of stolen credentials and warns that AI is accelerating the time to exploit known vulnerabilities from months to hours. Whatever the entry point, initial access is only the beginning. The real impact is often decided by what an attacker can reach once inside, and in many enterprise environments, Active Directory is where a single compromised account can become a path to domain-wide control.
Specops secures that identity layer every day, enforcing password policy and blocking compromised credentials across Active Directory. The AD Security Assessment extends that focus into adversarial testing of Active Directory itself. It gives security teams a hands-on view of how that risk could be exploited, without the commitment of a full penetration test.
“AD Security is not a one-time problem. It can slowly drift through everyday changes: new users, legacy groups, delegated permissions and policy exceptions as well as newly discovered vulnerabilities,” said Darren James, Senior Product Manager at Specops. “Left untested, those changes can quietly create attack paths no one expects. The Specops AD Security Assessment gives organizations a focused way to test and discover these risks, prioritize what to fix, and make Active Directory assurance a regular security discipline.”
The assessment begins from the posture of a low-privileged standard user, the same starting point an attacker has after gaining access. It is delivered by the CREST-Accredited Offensive Security Team of Outpost24, Specops’s parent company and a global provider of cybersecurity solutions. Its specialists review configuration, map privilege-escalation and lateral-movement paths, and validate exploitable routes around one central question: can an attacker reach Domain Admin?
Each engagement covers three parts: a password policy check, a full assessment of escalation routes and Group-Policy weaknesses, and an actionable report. The report pairs risk-rated findings and proof-of-concept evidence with a board-ready summary for a non-technical audience. Critical and high findings are flagged the moment they are confirmed.
“Most Active Directory risk is not found in a single obvious mistake. It is found in the way small issues combine: a permission here, a legacy group there, a policy exception somewhere else. Automated tools can point to weaknesses, but manual testing shows whether those weaknesses can be chained into a real path to Domain Admin,” said Alex Mohlin, VP of Offensive Security at Outpost24.