adsecurity.org

What It Is

ADSecurity.org is an Active Directory and Azure AD/Entra ID security site maintained by Sean Metcalf. Rather than being traditional commercial security software, it serves as a reference library for enterprise identity security research, offensive and defensive techniques, configuration hardening, and practical PowerShell guidance. The author describes himself as an MCM/MCSM in Microsoft Directory Services and has long shared research on attacks and defenses for Microsoft identity platforms at security conferences such as Black Hat, DEF CON, RSA, and Blue Team Con.

Core Features

The site focuses on real-world enterprise risks around AD and Entra ID, including domain controller security, GPO permissions, AdminSDHolder, DSHeuristics, the Pre-Windows 2000 Compatible Access group, GMSA, Kerberoasting, DCSync, Golden Ticket attacks, password spraying detection, and identifying PowerShell attack activity. Articles usually do more than explain vulnerabilities or attack paths; they also provide detection ideas, permission auditing methods, and mitigation recommendations, making them highly valuable for blue teams and identity security architects. The site also aggregates presentation materials and topic hubs for AD resources, attacks, defense and detection, Mimikatz, SPNs, Schema Versions, and more.

Pricing

The public blog, technical articles, and some script examples are generally free. The collected content also mentions that the author/team can be contacted for Active Directory and Entra ID security assessment services, but no specific pricing, service duration, or delivery scope is disclosed. These should be quoted separately as enterprise consulting projects.

Pros and Cons

The main strengths are its exceptional technical depth and strong focus on Microsoft identity security. Many articles are based on real offensive/defensive research and assessment experience, making them easy to turn into practical checklists. The downside is that it is not an automated product: there is no scanner, console, or continuous monitoring capability. The content is entirely in English and terminology-heavy, so it is not very beginner-friendly. There are also many older articles, so implementation should still be cross-checked against current Windows Server, Entra ID, and Microsoft official best practices.

Who It’s For

It is best suited for enterprise security operations teams, blue teams, red teams, AD administrators, identity security consultants, penetration testers, and incident responders. If an organization relies on Windows domains, hybrid identity, Entra Connect, or Microsoft 365, this site can serve as a high-quality reference source.

Access from China

Judging by the site format, it is a standard WordPress technical blog and can usually be accessed directly. However, page resource loading speed may be affected by cross-border network conditions.