The paper considers an approach to choosing a tool for investigating vulnerabilities in the Active Directory directory service. Active Directory contains information of primary value to intruders: it makes it possible to determine the best point of entry into the system and to develop the optimal strategy and tactics for the fastest and most effective attack. As part of this work, possible threats to the directory service are analyzed and a classification of attacks on Active Directory is provided. A classification of tools used to obtain useful information from Active Directory is also given. The capabilities of Cobalt Strike as a tool for threat emulation and post-exploitation tasks, based on a hidden agent and an updated database of attack scripts, are considered. The practical use of Cobalt Strike in cyber attacks over the past few years is analyzed, and the methodology of such attacks is studied and detailed step by step.
Keywords: information security, cyberattack, attack scenarios, threat analysis, directory service, Active Directory, Cobalt Strike