Bloodhound

deploying-active-directory-honeytokens helps defenders plan and generate Active Directory honeytokens for Security Audit work, including fake privileged accounts, fake SPNs for Kerberoasting detection, decoy GPO traps, and deceptive BloodHound paths. It pairs installation-oriented guidance with scripts and telemetry cues for practical deployment and review.

analyzing-active-directory-acl-abuse helps security auditors and incident responders inspect Active Directory nTSecurityDescriptor data with ldap3 to spot abuse paths like GenericAll, WriteDACL, and WriteOwner on users, groups, computers, and OUs.