Gold Finger Mini

The world's most powerful cyber security penetration testing tool.

Do you know exactly who can reset your password and log in as you today?

Our innovative Gold Finger Mini empowers you to find out exactly
who can reset whose passwords in any Active Directory today.






Overview

In any IT infrastructure, the security of every individual's user account, from the CEO to the Domain Admin, & from every employee to every contractor, is protected by that user account's password.





Passwords are often complex and people can sometimes forget their passwords, so the system provides IT personnel the ability to reset a user's password, so that they can help users log back in.





The ability to reset a user's password is governed by a special permission, known as the Reset Password extended right, which can be granted to specific IT users/groups on a user's account.





Active Directory provides the ability to precisely delegate administrative access for operations such as password resets, but it lacks the ability to help IT groups precisely assess delegated administrative access. As a result, IT groups can precisely grant specific users the Reset Password extended right, but they cannot precisely assess who is granted this right on any user account.

Over time, as business needs change, so does the state of provisioned access and administrative delegations in Active Directory, and consequently the actual state of access changes dramatically.



As a result, in most Active Directory environments today, many more individuals than intended (i.e. than should be able to) can reset the passwords of most Active Directory user accounts.




Malicious perpetrators know that the easiest way to compromise any user's account, and instantly get access to everything that account has access to, is by resetting that user account's password.

Impact of a Password Reset

For instance, as illustrated above, if someone could reset the password of the CEO's account, he could instantly log in as the CEO and obtain access to everything the CEO currently has access to.




Since it only takes seconds to reset a password, all that a perpetrator needs to do to compromise an account is to find out who can reset that account's password and target that person's account.


In fact, it is this simple premise that, when iterated, forms the basis of Active Directory Privilege Escalation, the world's #1 cyber security risk that endangers over 85% of all organizations today.




It turns out that the process of finding out who can reset the password of which domain user account is very difficult and time-consuming today, because it requires deep security expertise. Technically speaking, it requires the ability to be able to accurately determine effective permissions/access on Active Directory domain user accounts, which is very difficult to accomplish with 100% accuracy.


Active Directory's inbuilt Effective Permissions/Access calculator is self-admittedly inaccurate, & at best it can show an approximation of what effective permissions a specified user has on an Active Directory object. Thus, if an organization had 1,000 user accounts, one would have to manually enter 1,000 user account names to approximately determine who can reset 1 account's password.
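A simplified model of the effective-access question described above, as an added example that is not the vendor's code or part of the original page: it resolves nested group membership and evaluates one account's DACL in canonical order for the Reset Password extended right (the `User-Force-Change-Password` rightsGuid). All account names, groups and ACEs are constructed, and the model covers only ACEs for this extended right, not every permission that can affect an account.

```python
# Added example: simplified effective-access model on constructed data.
RESET_PASSWORD = "00299570-246d-11d0-a768-00aa006e0529"  # User-Force-Change-Password

# Constructed memberships (member -> direct groups); all names are hypothetical.
MEMBER_OF = {
    "alice": {"Helpdesk"},
    "bob": {"Helpdesk", "Contractors"},
    "carol": {"Tier2"},
    "Tier2": {"Helpdesk"},            # nested group
    "dave": {"Account Operators"},
}

# Constructed DACL on one user object: (type, trustee, object_type, inherited).
# object_type None means the ACE applies to all extended rights.
DACL = [
    ("allow", "Helpdesk", RESET_PASSWORD, True),
    ("deny", "Contractors", RESET_PASSWORD, True),
    ("allow", "Account Operators", None, False),
    ("allow", "erin", RESET_PASSWORD, False),
]

def principals(user):
    """Return the user plus every group reached through nested membership."""
    seen, stack = {user}, [user]
    while stack:
        for group in MEMBER_OF.get(stack.pop(), ()):
            if group not in seen:
                seen.add(group)
                stack.append(group)
    return seen

def canonical(dacl):
    """Order ACEs: explicit deny, explicit allow, inherited deny, inherited allow."""
    return sorted(dacl, key=lambda ace: (ace[3], ace[0] != "deny"))

def can_reset(user, dacl):
    """For a single right, the first matching ACE decides; no match means no access."""
    ids = principals(user)
    for kind, trustee, obj, _inherited in canonical(dacl):
        if trustee in ids and obj in (None, RESET_PASSWORD):
            return kind == "allow"
    return False

def who_can_reset(users, dacl):
    """List the users whose effective access includes Reset Password."""
    return sorted(u for u in users if can_reset(u, dacl))

print(who_can_reset(["alice", "bob", "carol", "dave", "erin", "frank"], DACL))
```

Reading the four ACEs alone suggests "Helpdesk, Account Operators and erin"; the effective answer differs because of the nested Tier2 membership and the deny that applies to bob through Contractors.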




If it were possible to easily find out exactly who can reset whose password in Active Directory, anyone could very easily and quickly compromise virtually anyone's domain user account.


Gold Finger Mini makes it possible for anyone to instantly find out exactly who can reset any domain user account's password in any Active Directory domain, within seconds, at a button's touch.





Powerful Insight

Gold Finger Mini embodies our unique, patented effective access assessment technology and empowers organizational IT personnel and IT security penetration testers to instantly uncover exactly:

    1. Who can reset the password of their own domain user accounts?
    2. Who can reset the password of the domain user account of any other user, including those of contractors, administrators and executives?

In addition, to help IT personnel and pen testers prove their findings, it also includes a built-in password reset capability which can be used to reset the password of any* domain user account.




Unmatched Ease of Use

If you can touch a button, you can instantly find out exactly who can reset whose password...




...it's really as simple as that.           




Free Download

You can now instantly deploy and use Gold Finger Mini in any
Active Directory deployment in the world, within 2 minutes –


