Secure Bits
If the ACL on AdminSDHolder changed – would you know about it?
Sure, it's a bit of an extreme case… but really – would your setup catch that?
You can monitor this manually using Advanced Auditing + SACL and forwarding events to your SIEM. It's free, it works – and it gives you visibility where it matters – but it is laborious, and there are many more cases to detect.
There are amazing commercial tools out there (e.g. from Semperis, Forestall, Nanitor, …) that detect vulnerabilities and changes in AD (and beyond). But let's face it – not everyone has the budget.
That's why I wanted to share something free, on-prem, and surprisingly capable.
Cayosoft Guardian Protector – I've been testing it lately and I'm impressed. No sponsorship here – I've just worked with tools like these before (who remembers ATA?), seen plenty of enterprise demos, and this one really delivers value – especially for smaller orgs.
- Detects misconfigs, risky changes, and vulnerabilities
- Runs on-prem
- AD, Entra ID, Teams, Intune, Exchange Online
- It is free
I tested it with a PowerShell lab setup script by Kriss Stephen – fantastic for spinning up a test AD with realistic misconfigs.
Just don't forget to change the default company size – I left it in, and came back to thousands of demo users (my bad).
Examples of what it configures:
- Whole new structure in your AD with realistic data
- Dangerous permissions
- Dangerous delegations
- Artifacts from attacks
- …
Want to test your detections or evaluate tools like ADProbe? This script helps a lot.
I'll leave links to both tools in the comments for you.
How do you detect changes and misconfigurations in AD?
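One way to do the SIEM-side half of the manual route mentioned above (Advanced Auditing + SACL, events forwarded to a SIEM), as an added example that is not part of the original post. It assumes the audit policy and SACL already produce Security event 5136 for the object and that events arrive as flat dicts keyed by the 5136 field names; the domain, accounts, SIDs and correlation ID in the sample are constructed.

```python
import re
from collections import defaultdict

TARGET = "cn=adminsdholder,cn=system,"            # prefix of the object's DN
ADDED, DELETED = "%%14674", "%%14675"             # 5136 OperationType codes

def dacl_aces(sddl):
    """Return the ACE strings from the DACL ("D:") part of an SDDL string."""
    m = re.search(r"D:[A-Z]*((?:\([^()]*\))+)", sddl or "")
    return set(re.findall(r"\(([^()]*)\)", m.group(1))) if m else set()

def adminsdholder_acl_changes(events):
    """Pair the old/new halves of each 5136 write and diff the two DACLs."""
    ops = defaultdict(dict)
    for ev in events:
        if (ev.get("EventID") != 5136
                or not ev.get("ObjectDN", "").lower().startswith(TARGET)
                or ev.get("AttributeLDAPDisplayName", "").lower() != "ntsecuritydescriptor"):
            continue
        op = ops[ev["OpCorrelationID"]]           # one ID per LDAP modify
        op["who"] = ev["SubjectDomainName"] + "\\" + ev["SubjectUserName"]
        op[ev["OperationType"]] = dacl_aces(ev.get("AttributeValue"))
    alerts = []
    for corr_id, op in ops.items():
        old, new = op.get(DELETED, set()), op.get(ADDED, set())
        alerts.append({"op": corr_id, "who": op["who"],
                       "added": sorted(new - old), "removed": sorted(old - new)})
    return alerts

# Constructed sample events (domain, accounts and SIDs are made up).
DN = "CN=AdminSDHolder,CN=System,DC=lab,DC=example"
OLD = "O:DAG:DAD:PAI(A;;GA;;;SY)(A;;CCDCLCSWRPWPLOCRSDRCWDWO;;;DA)"
NEW = OLD + "(A;;GA;;;S-1-5-21-1111111111-2222222222-3333333333-1604)"
BASE = {"EventID": 5136, "ObjectDN": DN, "SubjectDomainName": "LAB",
        "SubjectUserName": "helpdesk7", "OpCorrelationID": "{constructed-0001}",
        "AttributeLDAPDisplayName": "nTSecurityDescriptor"}
SAMPLE = [
    {**BASE, "OperationType": DELETED, "AttributeValue": OLD},
    {**BASE, "OperationType": ADDED, "AttributeValue": NEW},
    {**BASE, "ObjectDN": "CN=Bob,OU=Staff,DC=lab,DC=example",   # other object
     "OperationType": ADDED, "AttributeValue": NEW},
    {"EventID": 4624, "SubjectUserName": "helpdesk7"},          # unrelated logon
]

if __name__ == "__main__":
    for alert in adminsdholder_acl_changes(SAMPLE):
        print(alert)
```

Diffing the old and new DACL tells the analyst which ACE appeared on AdminSDHolder and who wrote it, rather than only that the security descriptor changed.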
