Try now

Cyber Security Insights for Penetration Testers and Ethical Hackers

Authoritative insights for Red Teams on how to pen test Active Directory.

Ethical Hacker/Penetration Tester

You are Pen Testers and Ethical Hackers

You may be missing out on an ocean of privileged access.

As penetration testers and ethical hackers, your objective is to penetrate organizational cyber security defenses so that you can help organizations identify exploitable weaknesses in their existing cyber security defenses.

You likely know that the biggest prize to bag is obtaining root-level Domain Admin equivalent privileged access.

You also likely know that within Active Directory lies a vast ocean of privileged access, within which there likely exist thousands of privilege escalation paths.

You may even use popular tools such as Bloodhound, ACLight PowerShell etc. that claim to perform advanced "Active Directory permissions analysis" to find privilege escalation paths in AD.

However, what you may not know is that all these tools deliver highly inaccurate results, because what matters is not "who has what permissions" but "who has what effective permissions".

Our insights show you how to correctly audit privileged access in AD, so you don't miss an ocean of privileged access.

Paramount Cyber Security Insight for Ethical Hackers

Privileged Access
  Privileged Access -
Keys to the Kingdom

Within Active Directory lie all the proverbial "Keys to the Kingdom."

Active Directory
  Active Directory - Heart
of Privileged Access

The vast majority of all privileged access lies in Active Directory.

Active Directory Effective Permissions
Active Directory
Effective Permissions

The key to correctly identifying privileged access in Active Directory

Active Directory Privilege Escalation
 Active Directory
Privilege Escalation

The world's #1 cyber security risk to 85% of organizations worldwide.

How to audit privileged access in Active Directory
Correctly Identifying
Privileged Access

How to correctly audit privileged access/users in Active Directory.


3 Simple Steps

How to Easily Find Privilege Escalation Paths in AD.

As pen testers and ethical hackers, you know that today, in most AD deployments worldwide, there exist thousands of privilege escalation paths just waiting to be found and exploited.

To help organizations identify them, here's how you can easily find many of them in three simple steps -

  1. Begin by identifying the members of all default privileged security groups in Active Directory, e.g. Domain Admins, or by correctly identify privileged users in Active Directory.

  2. Next, accurately calculate/audit exactly who has sufficient effective permissions to be able to change membership of these groups, reset the passwords of their members, or modify their permissions or ownership on these objects.

  3. Finally, just iterate this process a few times over, and you will have found hundreds, if not thousands, of privileged escalation paths in virtually any Active Directory today.

The key is in determining Active Directory Effective Permissions.
(As an example, our tooling can instantly do this domain-wide.)

Our Global Customers

  • Australian Government
  • United States Treasury
  • British Government
  • Government of Canada
  • British Petroleum
  • Ernst and Young
  • Saudi Arabian Monetary Agency
  • Juniper Networks
  • U.S. Department of Defense
  • Microsoft Corporation
  • United Nations
  • Quantium
  • Nestle
  • IBM Corporation
  • U.S. Federal Aviation Administration
  • Columbia University

Your Privacy

We use cookies to provide you the best online experience. Please let us know if you accept these cookies.