Definition →

You can think of it as a phonebook this stores all kinda of information related to object such as computers,users and printers,etc. Active direcotories are used by windows mostly.

So like you can have one set of username and password and you can use those authenticate across the whole network.Maybe at your work computer,email,personal computer. It uses something called Kerberos tickets.And this what we attack. So basically all we should know for now is that the Authentication on Windows Devices is done by something called Kerberos tickets. Active directories can also exist on non windows device but they use something like RADIUS or LDAP instead of tickets.

Why is this is so important?

Active directories is the most common way used to do identity management service in the world.

More than 95% of the fortune 1000 companies use this method. It can be used to exploit without ever attacking patchable exploits.This is used to exploit a environment from the internal side of things and this is the most vulnerable thing for now. You will find it in almost every internal pen-test you do.

So you can exploit it without it having an available exploit so we can basically use its feature as our exploit .This happens because of misconfigurations of it .