AD Exposed Attack Surface

We'll likely see the following on domain controllers / machine in the AD space

• DNS
• HTTP
• Kerberos
• MS RPC
• NetBIOS
• HTTPs
• SMB
• kpasswd5
• nacn_http
• LDAPS
• GC over ldap
• GC over SSL/TLS
• MS HTTPAPI httpd 2.0 (tcp 5357)
• MS HTTPAPI httpd 2.0 (tcp 5985)

HTTP

A web server can be created on a DC by adding a web server (IIS) server role.