Module 14 · Reading the Directory as a Graph

Manish Garg
Manish Garg Associate of (ISC)² · RingSafe
Apr 27, 2026
1 min read
Read as

Last updated: April 29, 2026

100% Free

No signup. No paywall. No catch. One of our 10 most-requested practitioner modules — published in full so anyone can learn for free. We earn through consulting, not by gating knowledge.

See all 10 free modules →

Microsoft Management Console shows AD as a tree. BloodHound shows it as a graph. The graph view changes everything.

Microsoft Management Console shows AD as a tree. BloodHound shows it as a graph. The graph view changes everything.

Nodes: users, groups, computers, GPOs, OUs. Edges: HasMember, AdminTo, GenericWrite, GenericAll, ForceChangePassword, etc. Attack paths emerge from graph structure.

The mindset: think in graphs. Every node has incoming edges (who controls me) and outgoing edges (what do I control). Privilege escalation = traversing.

🧠
Check your understanding

Module Quiz · 2 questions

Pass with 80%+ to mark this module complete. Unlimited retries. Each question shows an explanation.

Want this for your team?

Custom team training + practitioner advisory

Beyond the free academy — we run private workshops, vCISO advisory, and red-team exercises tailored to your stack. For Indian SMBs scaling past their first hire.

Book team training call Replies in 4 working hrs · India-only · Senior consultants
← Previous · Module 13
Module 13 · Permission Drift
← Back to Academy Hub
Continue Learning

Other modules in this track

View all modules
Academy
Module 1 · Beginner

AD's defaults accumulated risk for 20 years — authenticated-read-everything, NTLM, RC4, backwards compat.

Apr 22, 2026 · 4 min read
Academy
Module 2 · Intermediate

BloodHound, SharpHound, Impacket, CrackMapExec, PowerView. Any authenticated user sees the whole directory.

Apr 22, 2026 · 5 min read
Academy
Module 3 · Intermediate

Edges, queries, custom Cypher. Why BloodHound changed offensive AD since 2017.

Apr 22, 2026 · 5 min read