It’s not uncommon that client infrastructures are deployed under a standard scheme that uses Active Directory. The algorithm for testing such infrastructures is continuously being perfected throughout the years: it’s now clear what steps to take, what to look out for, what types of attacks to run, how to evade defenses, etc. But what if you come across a non‑standard scheme? One such example is the use of FreeIPA.

This year’s events have demonstrated that the standard scheme is gradually going away. To stay on track, pentesters and redteamers have to adapt to the new normal.

The report explores FreeIPA, the approach to pentesting infrastructures deployed on FreeIPA, and provides useful tips (without any know‑how, superexploits, or zero days).