Semperis Purple Knight - Active Directory Assessment with Möbius Partners

Spot weaknesses in Active Directory before attackers do.

Active Directory (AD) holds the “keys to the kingdom,” and if not safeguarded properly, it will compromise your entire security infrastructure. Purple Knight is a free Active Directory security assessment tool built and managed by an elite group of Microsoft identity experts.

Active Directory and Azure AD is typically at the core of any organization’s security. At a basic level it is a primary mechanism for authenticating users and determining which network resources they can access. An important question here is when is the last time you audited your Active Directory? Check out podcast episode below.

Purple Knight provides valuable insight into your AD security posture. It runs as a standalone utility that queries your AD environment and performs a set of tests against many aspects of AD’s security posture, including AD Delegation, Account security, AD Infrastructure security, Group Policy security, and Kerberos security. See full list here. Purple Knight is intended to augment your security team with know-how from a community of security researchers to minimize your attack surface and stay ahead of the ever-changing threat landscape.

“We were able to harden our Active Directory like never before – making sure it’s absolutely secure.” – VP of IT at AMOCO

During internal risk assessments, AMOCO realized they some work to do to secure Active Directory. Möbius Partners helped deploy the Semperis Purple Knight tool to identify vulnerabilities on AD in less than 15 minutes. They worked with AMOCO to remediate the vulnerabilities and introduced Directory Services Protector (DSP) to further protect their AD giving AMOCO peace of mind that everything is secure. Purple Knight is a security vulnerability scanning engine for AD to quickly find all “Indicators of Exposure” and “Indicators of Compromise” within AD.

What’s in the report and what does it look like?

This example report summarizes the Active Directory security assessment results performed by the Semperis Purple Knight tool. The assessment performed includes querying your Active Directory environment and running a series of security indicator scripts against domains in the selected forest. This assessment represents opportunities for enhancing this Active Directory environment from a security perspective in accordance with industry best practices. Click here for a sample Purple Knight report.

Use Cases:

Active Directory Audit – Organization is preparing or recently paid for an IT audit and need a second tool
Recent acquisition – visibility of their Active Directory before trusting or migrating a forest into your own
Need more data for compliance reporting
Another method to expand risk prevention

Tool Auditing Overview

Active Directory Security Report Card
Pre and Post Attack Security
Community Driven Threat Models
Prioritized, Actionable Guidance
MITRE ATT&CK Correlation

Tool Highlights

Simple download and execute; Domain Admin NOT required
Scans Active Directory within connected enterprise domain
Creates snapshot report of a “point in time” status & vulnerabilities
Currently includes 70+ IOCs (compromise) and IOEs (exposure) based on MITRE ATT&CK framework
Report output maps known vulnerabilities to a Risk Score (High, Med, Low) with description of vulnerabilities
Suggests prescribed remediation activity for each IOC/IOE identified.
Typically it takes less than 15 minutes

To get started, chat in the lower right or email info@mobiuspartners.com. We have an entire podcast episode dedicated to this topic: mobiuspartners.com/podcast. To see an overview of our Security expertise, please visit here.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Ready to talk with an IT expert?

Our Solutions

about us

connect.

transform.

repeat.

Speak with an
IT Professional Today!

Please fill out this form and we'll get right back to you.