GRC work is repetitive by design. Every enterprise customer asks roughly the same 150 questions in a slightly different spreadsheet. Every TPRM assessment wants the same information — your ISO/SOC2 status, your data retention policy, your incident response SLA, your encryption standards — just formatted differently, with different column names, sometimes in Excel, sometimes in a web portal, sometimes in a PDF form.

For a long time, filling these was pure manual labor. Someone on the security team would open the spreadsheet, read each question, pull up our policy documents, write a response, move to the next row, repeat. A single TPRM sheet could take half a day.

Then we started using Claude. Specifically, Claude via Cowork — Anthropic’s desktop tool that gives Claude direct file access and lets you work with documents, spreadsheets, and context that lives on your machine. This post is about what that changed, how we set it up, and how we scaled it across the team.

The Problem with TPRM Sheets at Scale

A Third-Party Risk Management (TPRM) questionnaire is a document an enterprise sends to vendors asking them to prove they’re secure. Banks, large enterprises, and regulated industries all have them. If you’re a B2B SaaS company selling into these sectors, you fill a lot of them.

The typical sheet has sections like:

• Information Security: Encryption, access control, vulnerability management
• Data Privacy: Data residency, retention, deletion, DPDP/GDPR compliance
• Business Continuity: RTO/RPO, DR testing, incident response
• Third-Party Risk: Your own vendor management, sub-processors
• Compliance: ISO 27001, SOC 2, certifications in scope

Each question has a Yes/No/Partial answer column, a Comments/Evidence column, and sometimes a Document Reference column. There can be anywhere from 80 to 400 rows.

The answers don’t change much between customers — your encryption standard doesn’t change because a different bank is asking. But extracting the right answer from your policy documents, framing it correctly for the question, and doing that 200 times in a row is exhausting and error-prone.

Where Claude Comes In

Claude, when given your security policies and a TPRM sheet, can read both and fill the questionnaire — accurately, consistently, and in minutes instead of hours.

Here’s the exact workflow we use with Claude Cowork:

Step 1: Build Your Context Library

Before anything else, gather your organization’s core security documents into a folder:

• Information Security Policy
• Data Classification Policy
• Incident Response Plan
• Business Continuity / DR Plan
• Access Control Policy
• Vendor Management Policy
• Any current certifications (ISO 27001 scope, SOC 2 report summary)
• A “standard answers” document — a running list of approved responses to common questions

You upload these to Claude Cowork once. Claude reads them and holds that context throughout your session. Every answer it gives is grounded in your actual policies, not hallucinated.

Step 2: Upload the TPRM Sheet

Drop the customer’s TPRM spreadsheet into Cowork. Claude reads the structure — columns, sections, row-by-row questions — and understands what kind of answer goes where.

A simple prompt gets you started:

1
2
3
4
5
6
7

Here is our TPRM questionnaire from [customer].
Fill in every row using our security policies I've shared.
For each row:
- Column B: Yes / No / Partial / N/A
- Column C: A 1-3 sentence explanation based on our actual policies
- Column D: Reference the specific policy document by name
Flag any question where you're unsure — don't guess.

Claude works through the sheet section by section. Where it’s confident (encryption standards, access control, certifications), it fills in complete answers. Where a question is ambiguous or the answer requires a judgment call, it flags the row and explains why.

Step 3: Review the Flags

This is the most important part of the workflow. You don’t review every row — you review only what Claude flagged. In practice, out of a 200-row sheet, Claude will flag 10-20 rows that genuinely need a human decision. The other 180 are done.

Those 10-20 flags are often the most important questions anyway — compensating controls, exceptions, questions about subprocessors in specific jurisdictions, questions where your answer might differ by product line.

You handle those, Claude fills the rest. What used to take 4 hours now takes 30-40 minutes.

Collaboration: Sharing Claude Sessions with the Team

This is where things get interesting.

In Cowork, you can share a session — the full conversation, context, and uploaded documents — with other team members. This means the context you’ve built (policies uploaded, answers refined, flags resolved) doesn’t have to be rebuilt by the next person who opens a TPRM sheet.

How We Use Shared Sessions

1. A single trained session per document set

One team member sets up the “GRC context” session — uploads all policy documents, adds the standard answers file, and does a few test runs to tune Claude’s response style (tone, length, format of answers). That session is then shared with the rest of the team.

Every new TPRM sheet goes into this session. Claude already knows your policies. You just upload the new sheet and run.

2. Collaborative review in the same chat

When a sheet has complex flags, two people can work in the same shared session simultaneously — one reviewing Claude’s draft answers, the other providing policy context through the chat. Claude sees both inputs and refines accordingly. This is faster than a review meeting.

3. Knowledge transfer for new team members

When someone new joins the security team, they don’t start from zero. They read the shared Claude session — the conversation history shows not just the outputs but the reasoning, the edge cases that came up, the answers we debated. It’s a live documentation of how GRC decisions are made at the company.

What Claude Actually Does Well in GRC Context

After using this workflow across many different questionnaire formats, here’s an honest breakdown:

Excellent

• Mapping a question to the right section of a policy document
• Writing consistent, professional responses at the right level of detail
• Spotting when the same question is asked twice in different phrasing
• Formatting answers to match the required column structure
• Translating dense policy language into clear questionnaire responses

Good with Guidance

• Answering questions about certifications in scope (tell Claude your exact scope)
• Questions about sub-processors and data flows (give Claude your current sub-processor list)
• Questions requiring a “Yes” with caveats — Claude will draft the caveat, you review it

Needs Human Judgment

• Questions where your answer is “Partial” and the customer might push back
• Questions that require interpreting a regulatory requirement (DPDP, SEBI CSCRF) against your current posture
• Questions where the honest answer is “No, but here’s our compensating control”

The last category is exactly what you want humans reviewing. The 80% that Claude handles confidently is precisely the work that was draining the team before.

Practical Setup: Getting Claude Cowork Ready for GRC

If you want to replicate this, here’s a concrete starting point.

Folder structure on your machine:

1
2
3
4
5
6
7
8
9
10
11
12

/grc-context/
  policies/
    information-security-policy.pdf
    access-control-policy.pdf
    incident-response-plan.pdf
    bcp-dr-plan.pdf
    data-classification-policy.pdf
  certifications/
    iso27001-scope.pdf
    soc2-summary.md
  standard-answers/
    standard-answers.md   ← your running approved-answers document

The standard-answers.md file is worth building carefully. It’s a markdown file with sections like:

1
2
3
4
5
6
7
8
9
10
11
12
13

## Encryption
We use AES-256 for data at rest and TLS 1.2/1.3 for data in transit across all services.
Key management is handled via [KMS solution].

## Penetration Testing
We conduct annual third-party VAPT and internal vulnerability scans on a quarterly basis.

## Incident Response SLA
Critical incidents: 1-hour detection, 4-hour containment target.
Customer notification: within 72 hours of confirmed breach.

## Data Residency
Customer data is stored in [region(s)]. Cross-region replication is [enabled/disabled] by default.

Claude references this file first before going to longer policy documents, which speeds up responses and keeps answers consistent.

Starting prompt for a new sheet:

1
2
3
4
5
6
7
8
9
10
11
12

I'm going to give you a TPRM questionnaire. You have access to:
- Our security policies (in /grc-context/policies/)
- Our certifications (in /grc-context/certifications/)
- Our standard approved answers (standard-answers.md)

Rules:
1. Prioritize standard-answers.md — use those exact phrasings where they apply.
2. When pulling from a policy document, cite the document name in Column D.
3. If a question is ambiguous or you're less than 80% confident, write [FLAG: <reason>] in Column C.
4. Don't invent capabilities we don't have. When in doubt, flag.

Here is the questionnaire: [attach file]

The Broader Shift: AI as a GRC Team Member

What this workflow represents isn’t just automation — it’s a fundamentally different way of staffing GRC work.

Before: one senior security person reads 200 questions, applies policy knowledge, writes responses, gets reviewed.

After: Claude reads 200 questions, applies policy knowledge, writes responses, flags 15 for senior review. Senior person reviews 15 items. Team ships the questionnaire.

The senior security person’s judgment is still in the loop — just on the questions that actually need it. The rest of their time goes to the work that can’t be automated: understanding what a customer actually cares about, negotiating on compensating controls, deciding whether an exception is acceptable.

The shared session model also creates something valuable that’s hard to quantify: institutional memory that’s searchable. When a new kind of question comes up — say, a customer asks about DPDP compliance for the first time — the session captures how we answered it. The next person who gets the same question finds it in the conversation history. Claude already knows the approved answer.

What’s Next

We’re still building this out. A few directions we’re exploring:

• A persistent “GRC brain” — a single long-running Cowork session that accumulates answers over time, so each new questionnaire benefits from all previous ones.
• Automatic flagging by question type — training Claude to recognize categories of questions (regulatory, technical, process) and apply different confidence thresholds for each.
• Draft-to-Jira loop — once Claude fills a sheet, auto-create a review task in Jira with the flagged rows attached, so the human review step has a trackable ticket.

Summary

GRC questionnaires are a tax on security teams at B2B SaaS companies. The questions are largely the same. The answers are largely the same. The work is largely repetitive.

Claude, given your actual policy documents and a shared working session, turns that work from a half-day task into a 30-minute review. The workflow is:

1. Build a policy context library once.
2. Upload any TPRM sheet and ask Claude to fill it.
3. Review only the flagged rows — the genuinely hard questions.
4. Share the session with your team so the context transfers.

The output is consistent, policy-grounded, and faster than anything we were doing before. And unlike a script or a template, it actually understands the question being asked.

Before talking about Kerberoasting, ACL abuse, Shadow Credentials, or any advanced Active Directory attack, one thing must be clear: Active Directory is not a hacking topic, it is an identity system.

Most people fail at AD pentesting because they jump directly into tools without understanding how identity, authentication, and trust actually work inside an enterprise network. This article is written to fix that gap.

This is not a cheat sheet.
This is not a command-based tutorial.

This is a mental model of Active Directory — the same model attackers abuse and defenders try to protect.

What Active Directory Really Is

Active Directory is Microsoft’s centralized identity and access management system. In simple terms, it is the system that answers two fundamental questions across an entire organization:

Who are you?
What are you allowed to do?

When an employee logs into their laptop, accesses a file server, connects to a database, or opens an internal application, Active Directory is almost always involved in that decision. AD is not limited to Windows logins. It quietly controls access across servers, applications, file shares, printers, VPNs, and even cloud services in hybrid environments.

A common beginner mistake is to think of Active Directory as “just users and passwords”. In reality, passwords are only one small part of a much larger identity system.

The Logical Structure of Active Directory

::contentReference[oaicite:1]{index=1}

Active Directory is organized in layers, and each layer represents a different scope of trust and administration.

At the top is the forest. A forest is the highest security boundary in Active Directory. Everything inside a forest implicitly trusts everything else inside the same forest. In many organizations, there is only one forest, but large enterprises and merged companies may have multiple forests connected by trust relationships.

Inside a forest are one or more domains. A domain is an administrative boundary. Users, computers, and policies belong to a domain. When people refer to something like corp.local or company.internal, they are referring to an Active Directory domain.

Within domains, objects are often organized into Organizational Units, commonly called OUs. OUs are not security boundaries. They exist to organize objects and apply policies. For example, HR computers might live in one OU, IT computers in another, and servers in a separate OU. This structure becomes extremely important later when we talk about Group Policy abuse.

Understanding this hierarchy is critical, because attackers do not “hack a domain controller” first. They move through identity relationships inside this structure.

Domain Controllers and the AD Database

A Domain Controller, often called a DC, is a server that holds a copy of the Active Directory database and provides authentication services.

The AD database contains every object in the domain: users, groups, computers, permissions, and relationships. This database is replicated across domain controllers to ensure availability and consistency.

From an attacker’s point of view, the Domain Controller is not valuable because it is a server. It is valuable because it is the source of truth for identity. Whoever can influence what the Domain Controller believes about identities effectively controls the domain.

This is why many advanced AD attacks do not require malware, exploits, or file drops. They manipulate identity data instead.

Users, Groups, and Computer Accounts

In Active Directory, users represent people or services. Groups represent collections of identities. Computers are also identities.

This is one of the most important concepts to understand: machines authenticate just like users. A domain-joined computer has its own account and its own password. This design enables secure communication between machines, but it also creates opportunities for attackers later in an engagement.

Groups are how access is actually granted. Users rarely receive permissions directly. Instead, users become members of groups, and those groups are granted access to resources. This design simplifies administration, but it also means that group membership is power.

When attackers escalate privileges in AD, they are often manipulating group memberships or abusing permissions that allow them to do so indirectly.

Authentication vs Authorization

Many people confuse authentication and authorization, but they are not the same thing.

Authentication answers the question of identity. It answers “Who are you?”
Authorization answers the question of access. It answers “What are you allowed to do?”

Active Directory first authenticates an identity using Kerberos or NTLM. After authentication succeeds, authorization decisions are made based on group memberships and permissions.

This distinction matters because an attacker can be fully authenticated as a valid user and still have very limited access. Most AD attacks are about changing authorization, not authentication.

Kerberos: How Authentication Works

::contentReference[oaicite:2]{index=2}

Kerberos is the default authentication protocol used in Active Directory. Unlike older protocols, Kerberos does not send passwords across the network repeatedly. Instead, it relies on tickets.

When a user logs in, the Domain Controller issues a Ticket Granting Ticket, commonly called a TGT. This ticket proves the user’s identity for a limited time. When the user tries to access a service, such as a file server or database, the user presents the TGT and receives a service-specific ticket.

This ticket-based design improves security and performance, but it also introduces unique attack surfaces. Kerberoasting exists purely because of how Kerberos service tickets are designed and encrypted.

Without understanding Kerberos at this level, Kerberoasting feels like magic. With this understanding, it feels inevitable.

LDAP: How AD Stores and Queries Information

::contentReference[oaicite:3]{index=3}

LDAP, the Lightweight Directory Access Protocol, is how Active Directory stores and retrieves information.

Whenever tools enumerate users, groups, computers, or permissions, they are not “hacking” anything. They are performing LDAP queries. LDAP is designed to be readable by authenticated users because applications need to find users, groups, and attributes.

This openness is necessary for AD to function, but it also means attackers can learn a lot about an environment without triggering alerts. Enumeration is not exploitation. It is simply asking the directory questions.

Group Policy and Centralized Control

Group Policy Objects, or GPOs, define how systems behave inside a domain. They control password policies, security settings, startup scripts, software installation, and more.

GPOs are applied based on where an object lives in the AD hierarchy. A single GPO can affect hundreds or thousands of machines. This makes GPOs one of the most powerful features in Active Directory.

From a defensive perspective, GPOs enforce consistency. From an attacker’s perspective, they represent centralized authority. Any weakness in GPO permissions can have massive impact, which is why GPO abuse appears later in advanced AD attacks.

Permissions and Access Control Lists

Every object in Active Directory has an Access Control List, or ACL. ACLs define who can read, modify, or control an object.

These permissions are far more granular than most administrators realize. It is possible for a user to have permission to modify a group, reset a password, or change an attribute without being an administrator.

Many of the most powerful AD attacks are not exploits. They are permission abuse. Attackers find unexpected write permissions and chain them together to reach high-value targets.

This is why modern AD attacks are often described as graph problems rather than vulnerability problems.

Trust Relationships

Active Directory trusts allow identities from one domain or forest to access resources in another. Trusts are essential for business operations, especially during mergers or multi-domain environments.

However, trusts also expand the attack surface. A compromised domain does not exist in isolation if trusts are in place. Attackers can abuse trust relationships to move laterally across domains and even forests.

Many real-world breaches become catastrophic because trust relationships were assumed to be safe without continuous monitoring.

Active Directory as an Identity Graph

The most accurate way to understand Active Directory is as an identity graph. Users, groups, computers, and permissions form nodes and edges in a massive graph.

Attacks are not about breaking one node. They are about finding a path. Each small permission, each group membership, and each trust relationship becomes a stepping stone.

Tools like BloodHound visualize this graph, but the underlying concept exists whether you use tools or not. Once you understand AD as a graph, advanced attacks start to make sense.

Why This Foundation Matters

If you skip these fundamentals, advanced topics like Kerberoasting, Shadow Credentials, or AD CS exploitation will feel like isolated tricks. With this foundation, they feel like logical consequences of design decisions.

Active Directory is not insecure by accident. It is complex by necessity. Attackers succeed when complexity outpaces visibility and operational discipline.

Closing Thoughts

Active Directory is the backbone of enterprise identity. Every advanced AD attack abuses something that already exists by design: trust, delegation, permissions, or authentication flows.

Before learning how to break Active Directory, you must understand how it works when it is functioning correctly. That understanding is what separates real security engineers from tool operators.

In the next article, we will build directly on this foundation and explore Kerberoasting, an attack that exists not because of a vulnerability, but because of how Kerberos and service accounts are designed.

Understanding AD makes attacks predictable.
Predictable attacks are preventable.

Core Thesis

Red teams rarely succeed because a vulnerability exists.
They succeed because trust existed where resistance did not.

Introduction

Red teaming is frequently reduced to the act of exploiting vulnerabilities, demonstrating payloads, or producing proof-of-concept screenshots. This interpretation is convenient, measurable, and easy to report. It is also incomplete. While exploitation may appear in the later stages of an engagement, it is rarely the decisive factor in a real compromise. Systems typically fail long before an exploit is executed.

Modern breaches repeatedly demonstrate that attackers succeed not because defenses are absent, but because trust is misplaced. Identity systems trust tokens. Services trust internal traffic. Pipelines trust dependencies. Applications trust intended usage. Red teams exist to interrogate these trust relationships under adversarial conditions. This distinction separates offensive security as a discipline from vulnerability discovery as a task.

This article examines why red teams do not begin by hacking systems, but by mapping trust. Through real incidents, CVEs, and breach case studies, it demonstrates how trust abuse consistently precedes exploitation and why security programs that ignore this reality remain fragile.

Trust as an Architectural Primitive

Trust is rarely documented as a first-class design element. Instead, it emerges implicitly from architectural decisions made for performance, convenience, or operational simplicity. A service trusts requests originating from a private network. An application trusts tokens issued by an identity provider. A deployment pipeline trusts that dependencies behave as advertised. These assumptions are often reasonable in isolation, but dangerous in composition.

Unlike cryptographic guarantees, trust assumptions are rarely enforced continuously. They are validated once during design and then assumed indefinitely. Over time, systems evolve, dependencies change, and new integrations appear. The original trust boundary remains, even though the context that justified it no longer exists.

Red teams focus on identifying these outdated assumptions. They examine where trust is implicit, inherited, or transitive. When trust expands beyond its original scope, it becomes an attack surface. At that point, exploitation is optional.

Vulnerabilities Are Symptoms, Not Root Causes

The security industry has trained itself to think in terms of vulnerabilities. CVEs provide structure, severity scoring offers prioritization, and patching offers closure. While this model is useful for software defects, it is insufficient for understanding compromise at the system level.

Many high-impact breaches did not require a novel vulnerability. Instead, they exploited legitimate functionality operating under flawed trust assumptions. The vulnerability, when present, merely accelerated an outcome that was already architecturally possible.

Key Observation

When trust collapses, vulnerabilities become implementation details rather than enablers.

Red teams understand this distinction. They do not ask which vulnerability exists, but which behavior is trusted. When trust collapses, exploitation becomes a formality rather than a requirement.

Case Study: SolarWinds and Supply Chain Trust

The SolarWinds compromise is frequently discussed as a sophisticated supply chain attack. While technically accurate, this framing obscures the more important lesson. The failure was not primarily the insertion of malicious code, but the depth of trust placed in the update mechanism itself.

Organizations implicitly trusted that signed updates from a widely used vendor were safe. That trust extended into highly privileged environments, including government networks. Once the update channel was compromised, the attack propagated without resistance.

Key facts:

• Malicious code was delivered via a legitimate update
• Code signing validated authenticity, not intent
• No exploitation was required at the target organizations

Reference:
https://www.cisa.gov/news-events/cybersecurity-advisories/aa20-352a

Red teams studying this incident focus not on the malware, but on why update mechanisms are rarely subjected to adversarial validation.

Identity Trust and Authentication Collapse

Identity systems represent one of the most concentrated trust surfaces in modern infrastructure. Tokens, assertions, and sessions are treated as authoritative representations of identity and intent. When identity systems fail, the blast radius is systemic.

Incidents involving misconfigured OAuth flows, improperly validated JWTs, or over-privileged service accounts demonstrate a recurring pattern. The vulnerability itself is often trivial. The impact is severe because identity is trusted everywhere.

A notable example is CVE-2022-3602, a vulnerability in OpenSSL that affected certificate validation and trust chains:

• CVE: https://nvd.nist.gov/vuln/detail/CVE-2022-3602
• Impact: Potential undermining of trust in identity assertions
• Lesson: Trust anchors are single points of failure

Red teams assess identity not by breaking cryptography, but by tracing where identity is assumed to be correct without verification.

Internal Trust and Lateral Movement

Many organizations treat internal networks as trusted environments. This assumption persists despite years of breach data demonstrating otherwise. Once an attacker gains a foothold, internal trust relationships often provide everything needed to progress.

Real-world breaches repeatedly show that lateral movement succeeds because internal services trust each other implicitly. Authentication is relaxed, authorization is coarse, and monitoring is limited. The attacker does not need to exploit each service individually; they move through pre-approved paths.

Red teams map these trust relationships explicitly:

• Which services trust source IPs?
• Which APIs assume caller identity?
• Which credentials are reused across environments?

These paths are rarely visible in vulnerability scans.

Feature Abuse and Business Logic Failures

Some of the most damaging attacks involve no vulnerabilities at all. Instead, they exploit features behaving exactly as designed. Discount logic, referral systems, quota enforcement, and workflow orchestration are common examples.

Because these failures do not map cleanly to CVEs, they are often dismissed as edge cases. In reality, they represent systemic trust failures. The system trusts that users will not behave adversarially within allowed operations.

Attack Pattern

Legitimate actions

• Unexpected sequencing
• Repetition at scale
  = High-impact abuse

Red teams analyze features as attack primitives. They ask how features can be combined, repeated, or sequenced to produce unintended outcomes.

Controls Without Resistance

Security controls are often deployed to satisfy compliance or design requirements. Their presence is taken as evidence of security. However, controls that have never been exercised under adversarial conditions remain theoretical.

Examples include:

• Rate limiting that assumes polite usage
• Monitoring that triggers only on known signatures
• Authorization checks that assume correct role assignment

Red teams validate controls by applying pressure. A control that fails silently under pressure is indistinguishable from no control at all.

Why Organizations Miss Trust Failures

Most security processes are optimized for component-level assessment. Code reviews focus on functions. Threat models focus on diagrams. Penetration tests focus on endpoints. None of these processes naturally surface trust assumptions spanning systems.

Organizational incentives compound the issue. Trust failures are difficult to quantify, hard to remediate, and often politically sensitive. It is easier to patch a vulnerability than to redesign an identity model or restrict internal trust.

Red teams operate outside these constraints. Their mandate allows them to question assumptions that other processes accept by default.

Red Teaming as Trust Validation

At its core, red teaming is not about breaking systems. It is about validating whether trust is deserved. This requires a shift in mindset from vulnerability discovery to adversarial evaluation.

When organizations internalize this perspective, security becomes proactive rather than reactive.

Conclusion

Red teams do not hack systems in the way popular narratives suggest. They interrogate trust. They challenge assumptions. They expose where legitimacy is granted without verification and where controls exist without resistance.

Real-world breaches consistently demonstrate that trust failures precede exploitation. Vulnerabilities may accelerate compromise, but they rarely initiate it. Security programs that focus exclusively on patching defects will continue to miss the deeper problem.

Security improves only when trust is tested under adversarial pressure. This site exists to document those tests, the failures they reveal, and the lessons they produce.

Legal and Ethical Note

All analysis presented here is based on publicly documented incidents and authorized security research. No exploitation guidance is provided. The intent is to improve defensive understanding through adversarial analysis.