Gold Finger Mini
The World's Most Capable, Powerful and Simple Privileged Access Assessment Tool for Microsoft Active Directory.
Paramount Active Directory Threat Intelligence
High-value, instantly actionable threat intelligence.
No Active Directory deployment in the world can be secured without knowing exactly who can enact threats such as -
Run Mimikatz DCSync against an Active Directory domain
Change the membership of the Domain Admins group
Reset a privileged user's (e.g. a Domain Admin) password
Change the ACL protecting the AdminSDHolder object
Link a GPO to the Domain Controllers Organizational Unit
After all, the enactment of even one such threat could instantly result in an Active Directory security compromise.
Gold Finger Mini's unique patented technology can deliver such paramount threat intelligence at a button's touch.
Active Directory remains Vulnerable
The very heart of privileged access worldwide, remains vulnerable to compromise.
Microsoft Active Directory (AD) is the foundation of IT, cyber security and privileged access at 85% of organizations worldwide and today the vast majority of all-powerful privileged access, both unrestricted and delegated, resides in AD.
Today, within thousands of AD domains worldwide, lie billions of organizational domain user accounts, computer accounts and security groups, each one protected by security permissions in AD access control list (ACLs.)
Alarmingly, at most organizations, today no one knows exactly who has what privileged access in their AD because, over time, most of these AD security permissions have been substantially modified to customize access.
Consequently, today, most organizations have no idea exactly who can enact which admin tasks (e.g. creating accounts, resetting passwords, changing group memberships etc.) in their AD, including on their privileged accounts and groups (e.g. Domain Admins), and thus remain substantially vulnerable.
The World's #1 Attack Vector
Active Directory Privilege Escalation poses the world's #1 cyber security risk and is the world's #1 attack vector because it clearly and directly threatens the foundational security of over 85% of organizations worldwide.
Specifically, it can be easily exploited to compromise the security of virtually everything in Active Directory, including all-powerful Active Directory privileged user accounts and security groups.
Should someone be able to compromise even a single Active Directory privileged user account or security group, he/she could instantly gain complete control over the entire Active Directory.
Since it can be used to easily gain complete command and control of 85% of organizations worldwide, it poses a clear and present danger, and remains the world's #1 cyber security risk.
Fact - In virtually ever major recent cyber security breach, including the SolarWinds Breach, the Colonial Pipeline Hack, the Okta Breach and others, perpetrators targeted, compromised and misused a single Active Directory privileged user account to gain unrestricted system-wide access and then inflict colossal damage.
A Clear and Present Danger
Today, anyone who could enact any one of the following tasks could instantly and substantially compromise the entire organization -
- Run Mimikatz DCSync against an Active Directory domain
- Change the membership of the Domain Admins security group
- Reset the password of any/every privileged user in Active Directory
- Change the permissions specified in the AdminSDHolder object's ACL
- Modify the Service Principal Name (SPN) of a critical domain computer account
- Link a malicious GPO to the default Domain Controllers (DC) OU to compromise DCs
- Disable the use of Smartcards on Smartcard-enabled Active Directory domain user accounts
- Change administrative control in Active Directory to instantly obtain access to all organizational IT resources
- Launch a denial-of-service attack against any Active Directory integrated application/service (e.g. Azure Connect)
- Link a malicious GPO to any OU to instantly gain command and control over thousands of domain-joined computers
Organizations that do not know exactly who is provisioned what privileged access in their foundational Active Directory
are substantially vulnerable, and could potentially be compromised within minutes.
Gold Finger Mini
Gold Finger Mini is the world's only cyber security solution that lets everyone in the world accurately and instantly find out exactly who has the most critical privileged access in any Active Directory deployment in the world.
If you can click a button, you can now accurately and instantly find out exactly who can
perform the most critical administrative tasks in any Active Directory domain in the world.
Gold Finger Mini
Unrivaled, Mission-critical Privileged Access Insight
Now everyone can instantly find out exactly -
- Who can create a user account in Active Directory?
- Who can enable a disabled Active Directory user account?
- Who can reset the password of their own Active Directory user account?
- Who can reset the password of any Active Directory privileged user's account?
- Who can reset the password of any executive's (e.g. CEO, CISO etc.) Active Directory user account?
- Who can change the membership of the all-powerful Domain Admins security group?
- Who can change the permissions protecting the mission-critical AdminSDHolder object?
- Who can run Mimikatz DCSync against an Active Directory domain to replicate secrets?
- Who can link a group policy (GPO) to the default Domain Controllers organizational unit ?
- Who can disable the use of Smartcards on any Smartcard-enabled Active Directory account?
That's merely a fraction of what the unrivaled Gold Finger Mini can uniquely uncover at the touch of a button.
Discover Gold Finger Mini
Overview
Gold Finger Mini is the world's most advanced and yet simplest Active Directory Privileged Access Assessment Tool.
It embodies the unique, innovative, patented effective-access audit capabilities of our Microsoft-endorsed Gold Finger.
Unlike Active Directory Permissions Analyzers, all of which provide substantially incomplete and inaccurate insights, Gold Finger Mini performs accurate effective permissions analysis to correctly assess privileged access in AD.
Designed with simplicity in mind, it uniquely enables anyone with an Active Directory account to be able to accurately, effortlessly and instantly find out exactly who can perform the most critical administrative tasks in Active Directory.
Meticulously engineered, it empowers IT personnel, employees, management, cyber security auditors, ethical hackers and penetration testers to easily identify excessive/unauthorized exploitable privileged access in Active Directory.
It can be instantly installed and run on any domain-joined machine in under two minutes. Its use does not require any privileged access, any installation of agents, any changes to Active Directory, or opening any additional firewall ports.
It features 2 levels and is available in 4 editions, including a free edition for everyone. (Details below.)
A Basic Level for Everyone
The Basic level features 8 fundamental basic Active Directory privileged access reports -
Who can reset my Active Directory account's password?
Who can reset an executive's Active Directory account's password?
Who can reset an Active Directory privileged account's password?
Who can change the Domain Admins security group's membership?
Who can change security permissions on the AdminSDHolder object?
Who can create an Active Directory account in the Users container?
Who can link a group policy (GPO) to the Domain Controllers OU?
Who can enable a disabled Active Directory account?
An Advanced Level for Experts
The Advanced level features 8 essential advanced Active Directory privileged access reports -
Who can replicate secrets (i.e. password hashes) from the domain?
Who can reset an Active Directory domain user account's password?
Who can disable use of Smartcards on an Active Directory account?
Who can change an Active Directory security group's membership?
Who can change security permissions on an Active Directory OU?
Who can change an Active Directory computer account's SPNs?
Who can link a group policy (GPO) to an Active Directory OU?
Who can create an Active Directory user account in an OU?
Inbuilt Search and Verification
Gold Finger Mini features two useful inbuilt capabilities to assist in target location and access entitlement verification.
An inbuilt search utility enables effortless context-sensitive search and location of targets i.e. Active Directory objects, and an inbuilt task-execution capability facilitates the enactment of the following admin tasks for result verification* -
Reset the password of a specific Active Directory account
Create a user account in the Users container
Add one's account to the Domain Admins security group
Enable a disabled Active Directory domain user account
Disable the use of Smartcards on a Smartcard-enabled account
* The Execute Task option is only made available if the user using Gold Finger Mini is found to have sufficient privileges to perform the task.
Gold Finger Mini Licensing Options
Gold Finger Mini is available in 4 editions, including a free edition, to suit both short and long term, individual and organizational needs -
Capability | Edition | |||
Free |
Basic |
Advanced |
Global |
|
Perform accurate, fully-automated Active Directory privileged access assessment at a button's touch | ||||
Find out how many individuals can perform any selected Basic or Advanced level administrative task | ||||
Uncover the identities of all individuals who can perform any selected Basic level administrative task | Partial | |||
Uncover the identities of all individuals who can perform any selected Advanced level administrative task | ||||
Acquire the ability to make these paramount determinations in any Active Directory domain in the world. | ||||
Download | Buy | Buy | Buy |
Domain-wide Audit and Source Identification
Gold Finger Mini embodies the unique, patented, Microsoft-endorsed capabilities of our flagship Gold Finger solution, and is intended to help identify who can perform specific administrative tasks on individual Active Directory objects.
Gold Finger can additionally perform domain-wide privileged access assessments on thousands of objects, as well as identify and pinpoint exactly how an individual possesses privileged access to be able to enact these admin tasks.
Specifically, it can instantly determine exactly which underlying security permission in the ACL of an Active Directory object is currently entitling a user to be able to perform a specific administrative task on that Active Directory object.
The ability to be able to automatically perform accurate privileged access assessments domain-wide, as well as identify the source of determined entitlements can substantially help identify and lockdown privileged access in Active Directory.
Organizations that may have a need to quickly, efficiently and reliably assess (identify) and lockdown privileged access across their Active Directory deployments may wish to consider the use of Gold Finger.
Our Global Customers