@Tal Maor, on the Azure ATP security research team, just posted two new blogs; the first one is on LDAP Reconnaissance, which forms the foundation of Active Directory attacks: https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/LDAP-Reconnaissance-the-foundati...

The second explains how you can detect LDAP-based Kerberoasting using Azure ATP: https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Detecting-LDAP-based-Kerberoasti...