Cyber Security Insights for Penetration Testers and Ethical Hackers
Authoritative insights for Red Teams on how to pen test Active Directory.
You are Pen Testers and Ethical Hackers
You may be missing out on an ocean of privileged access.
As penetration testers and ethical hackers, your objective is to penetrate organizational cyber security defenses so that you can help organizations identify the exploitable weaknesses in them.
You likely know that the biggest prize to bag is obtaining root-level Domain Admin equivalent privileged access.
You also likely know that within Active Directory lies a vast ocean of privileged access, within which there likely exist thousands of privilege escalation paths.
You may even use popular tools such as BloodHound, ACLight PowerShell, etc. that claim to perform advanced "Active Directory permissions analysis" to find privilege escalation paths in AD.
However, what you may not know is that when it comes to access assessment in AD, all these tools deliver substantially inaccurate results, because what matters is not "who has what permissions" but "who has what effective permissions".
Our insights show you how to correctly assess privileged access in AD, so you don't miss an ocean of privileged access.
Paramount Cyber Security Insights for Ethical Hackers
Privileged Access - Keys to the Kingdom
Within Active Directory lie all the proverbial "Keys to the Kingdom."
Active Directory - Heart of Privileged Access
The vast majority of all privileged access lies in Active Directory.
Active Directory Effective Permissions
The key to correctly assessing privileged access in Active Directory.
Active Directory Privilege Escalation
The world's #1 cyber security risk to 85% of organizations worldwide.
Correctly Assessing Privileged Access
How to correctly assess privileged access/users in Active Directory.
3 Simple Steps
How to Easily Find Privilege Escalation Paths in AD.
As pen testers and ethical hackers, you know that today, in most AD deployments worldwide, there exist thousands of privilege escalation paths just waiting to be found and exploited.
To help organizations identify them, here's how you can easily find many of them in three simple steps:
Begin by identifying the members of all default privileged security groups in Active Directory, e.g. Domain Admins, or by correctly identifying privileged users in Active Directory.
Next, accurately assess exactly who has sufficient effective permissions to be able to change the membership of these groups, reset the passwords of their members, or modify the permissions or ownership of these objects.
Finally, just iterate this process a few times over, and you will have found hundreds, if not thousands, of privilege escalation paths in virtually any Active Directory today.
The key is in determining Active Directory Effective Permissions.
(As an example, our tooling can instantly do this domain-wide.)
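The three steps above, as an added audit sketch in Python (not code from this page or its vendor): it contrasts a permissions-only reading of an ACL with an effective-permissions reading, then iterates to a fixed point. Every name, group and ACE is constructed sample data, and the model is an assumption that keeps only nested group membership and canonical ACE order (explicit deny, explicit allow, inherited deny, inherited allow); object-specific ACEs, inheritance scope and implicit owner rights are left out.

```python
from collections import namedtuple

# Simplified model; every name and ACE below is constructed sample data.
ACE = namedtuple("ACE", "kind trustee right inherited")  # kind: "allow" or "deny"
CONTROL = {"write-member", "reset-password", "write-dacl", "write-owner"}
MEMBER_OF = {"alice": {"Helpdesk"}, "bob": {"Helpdesk", "Contractors"},
             "carol": {"Domain Admins"}, "Helpdesk": {"IT Staff"}}
ACLS = {
    "Domain Admins": [ACE("allow", "IT Staff", "write-member", False),
                      ACE("deny", "Contractors", "write-member", False)],
    "carol": [ACE("allow", "dave", "reset-password", True)],
    "alice": [ACE("allow", "erin", "reset-password", True)],
}
USERS = {"alice", "bob", "carol", "dave", "erin"}

def groups_of(principal):
    """The principal plus every group it belongs to, directly or via nesting."""
    seen, stack = set(), [principal]
    while stack:
        p = stack.pop()
        if p not in seen:
            seen.add(p)
            stack.extend(MEMBER_OF.get(p, ()))
    return seen

def naive(principal, obj, right):
    """Permissions-only view: any allow ACE naming the principal or its groups."""
    sids = groups_of(principal)
    return any(a.kind == "allow" and a.right == right and a.trustee in sids
               for a in ACLS.get(obj, []))

def effective(principal, obj, right):
    """First matching ACE in canonical order decides; no match means no access."""
    sids = groups_of(principal)
    canonical = sorted(ACLS.get(obj, []), key=lambda a: (a.inherited, a.kind != "deny"))
    for ace in canonical:
        if ace.right == right and ace.trustee in sids:
            return ace.kind == "allow"
    return False

def escalation_closure(group):
    """Step 1: members of `group`. Steps 2-3: add users who effectively control
    anything already in the set, repeating until nothing changes."""
    tier0 = {group} | {u for u in USERS if group in groups_of(u)}
    changed = True
    while changed:
        changed = False
        for user in USERS - tier0:
            if any(effective(user, o, r) for o in tier0 for r in CONTROL):
                tier0.add(user)
                changed = True
    return tier0 - {group}
```

In this sample, bob looks privileged in the permissions-only view through nested IT Staff membership, but the explicit deny on Contractors removes him from the effective result, while erin only surfaces on iteration because she controls alice rather than the group itself.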