# Impacts

The Impacts page provides a combined list of issues grouped by relevant impact, making it a valuable resource for preparing a remediation roadmap and addressing threats beyond just vulnerabilities. This page also displays Exposure Points and associated Risk levels, helping prioritize actions effectively and focus on the most critical areas to mitigate potential risks.


Each card has the `Impact Name` as its header and lists the related issues, each with its `Severity`, `Ease of Mitigation`, `Tags`, and `Exposure Points`. Cards are sorted by the risk of the impact, and the issues within a card are sorted by the `Ease of Mitigation` metric.

FSProtect maps issues to the impacts below.

## **Account Management Issues**

Issues that complicate the account management lifecycle and inventory management.

## **Credential Theft Attacks**

Issues that expose account credentials or sessions, in different ways, to a possible breach.

## **AS-REP Roasting**

Issues related to a special Kerberos protocol attack vector named AS-REP Roasting.

## **Exploitation of Unpatched Services**

Issues that lead to exploitation of old/unsupported or unpatched versions of services such as NETLOGON, RDP, KDC, etc.

## **Exploitation of SMB Protocol**

Issues that lead to exploitation of old/unsupported, unpatched, or misconfigured versions of the SMB protocol.

## **NTLM Relay**

Issues related to a special NTLM protocol attack vector named NTLM Relay.

## **Unconstrained Delegation Exploitation**

Issues that lead to exploitation of an insecure form of delegation.

## **Reconnaissance with Shared Files**

Issues that lead to information-gathering attacks through shared files with misconfigured/broad access control entries.

## **Resource Based Constrained Delegation Exploitation**

Issues (backdoors) that lead to exploitation of a misconfigured Resource-Based Constrained Delegation method.

## **Reconnaissance with Null Session**

Issues that lead to information-gathering attacks through a misconfigured SMB protocol.

## **Persistence with PrimaryGroupID Modification**

Issues related to suspicious modification of the PrimaryGroupID attribute to ensure persistence.

## **Delegation Exploitation**

Issues related to precautions against the exploitation of multiple delegation methods.

## **Plaintext Password Extraction from GPP**

Issues that expose account credentials, generally those of local administrator accounts, as plain text to everyone in the domain through Group Policy Preferences.

## **Kerberoasting**

Issues related to a special Kerberos protocol attack vector named Kerberoasting.

## **Golden Ticket**

Issues related to precautions against a special Kerberos persistence attack vector named Golden Ticket.

## **Misconfigured Privilege Exploitation**

Issues related to misconfigured privileges that break the tiering model, mostly caused by group memberships and service management.

## **ACL Based Attack Path Exploitation**

Issues that create many attack paths because of misconfigured/broad access control entry definitions.

## **Business Continuity Issues**

Issues that affect the availability and resilience of Active Directory.

## **Privilege Escalation with Builtin Groups**

Issues that lead to privilege escalation paths through built-in privileged group memberships.

## **Persistence with Access Control Entries**

Issues related to suspicious modification of access control entries on important objects to ensure persistence.

## **GPO Management Issues**

Issues that complicate the Group Policy lifecycle and inventory management.

## **PrivExchange**

Issues related to the Exchange service and NTLM attack vector that leads to privilege escalation and total domain compromise.

## **Persistence with SID-History Injection**

Issues related to suspicious modification of SIDHistory attributes of objects to ensure persistence.

## **Reconnaissance with LDAP Protocol**

Issues that lead to information-gathering attacks through the LDAP protocol, caused by misconfiguration of the dSHeuristics attribute.

## **Reconnaissance with NSPI Protocol**

Issues that lead to information-gathering attacks through the NSPI protocol, caused by misconfiguration of the dSHeuristics attribute.

## **Constrained Delegation Exploitation**

Issues that lead to exploitation of a misconfigured Constrained Delegation method.

## **Privilege Escalation with Certificate Template Abuse**

Issues that lead to privilege escalation through the exploitation of misconfigured Certificate Templates.

## **Privilege Escalation with Certificate Authority Abuse**

Issues that lead to privilege escalation through the exploitation of misconfigured Certificate Authorities.

## **Privilege Escalation with Certificate Service Abuse**

Issues that lead to privilege escalation through the exploitation of misconfigured Certificate Enrollment Services.

