The goal of this report is to help defenders understand the fulls cope of today’s modern attack surface so they can continue to refine their cybersecurity strategies and reduce risk. In this report, we explore the most notable vulnerabilities of the year and how they were used in attack chains, with specific focus on the value of Active Directory to threat actors.