Active Directory (AD) and Azure AD are typically at the core of any organization’s security. At a basic level, they are a primary mechanism for authenticating users and determining which network resources they can access. An important question here: when did you last audit your Active Directory? Check out the podcast episode below.
Purple Knight is a free security assessment tool that provides valuable insight into your AD security posture. It runs as a standalone utility that queries your AD environment and performs a set of tests against many aspects of AD’s security posture, including AD Delegation, Account security, AD Infrastructure security, Group Policy security, and Kerberos security. Purple Knight is intended to augment your security team with know-how from a community of security researchers to minimize your attack surface and stay ahead of the ever-changing threat landscape.
Active Directory Audit – The organization is preparing for, or recently paid for, an IT audit and needs a second tool
Recent acquisition – visibility of their Active Directory before trusting or migrating a forest into your own
Need more data for compliance reporting
Another method to expand risk prevention
Tool Auditing Overview
Active Directory Security Report Card encapsulating
Simple download and execute; Domain Admin NOT required
Scans Active Directory within connected enterprise domain
Creates snapshot report of a “point in time” status & vulnerabilities
Currently includes 70+ IOCs (indicators of compromise) and IOEs (indicators of exposure) based on the MITRE ATT&CK framework
Report output maps known vulnerabilities to a Risk Score (High, Med and Low) with Description of Vulnerability
Suggests prescribed remediation activity for each IOC/IOE identified.
Typically it takes less than 15 minutes
What’s in the report and what does it look like?
This example report summarizes the results of the Active Directory security assessment performed by the Semperis Purple Knight tool. The assessment includes querying your Active Directory environment and running a series of security indicator scripts against domains in the selected forest. It identifies opportunities for enhancing this Active Directory environment from a security perspective in accordance with industry best practices.