Today Active Directory Security is mission-critical to organizational security worldwide and thus mission-critical to Cyber Security worldwide. On this blog, former Microsoft Program Manager for Active Directory Security, and today, CEO of Paramount Defenses, shares valuable technical insights on Active Directory Security.

Thursday, March 6, 2014

Gold Finger 6.0, the Lamborghini of Active Directory Audit Tools


Please accept my sincere apologies on account of the lapse in sharing thoughts via this blog. Something important came up, and required my personal involvement. Its taken care of now, and I look forward to getting back to sharing my 2c with you, with the intention of sharing potentially valuable insights on Active Directory security.
Anyway, before I get back to sharing insights, I just wanted to personally also introduce the latest version of Gold Finger, version 6.0, which in my humble opinion is the world's most capable Active Directory Audit  Tool –

Gold Finger 6.0

Gold Finger 6.0

Here is a link to the Press Release -

About two years ago, we shipped Gold Finger 5.0, and back then we referred to it as the Ferrari of Active Directory Security Solutions, because its capabilities represented the finest in Active Directory security analysis. Today, of course, Gold Finger 5.0 is deployed in five continents worldwide and it helps some of the world’s most important business and government organizations gain valuable security and access insight.

Gold Finger 6.0 – The Lamborghini of Active Directory Audit Tools

If Gold Finger 5.0’s unique and valuable capabilities made it the Ferrari of Active Directory Audit Tools, then Gold Finger 6.0’s speed and finesse surely make it the Lamborghini of Active Directory Audit Tools.

You see, when developing Gold Finger 6.0 we primarily focused our efforts on one thing - making it fast. Really fast!
I’m pleased to let you know that Gold Finger 6.0 is up to 5 times faster than Gold Finger 5.0. So, what used to sometimes take up to an hour in Gold Finger 5.0 can be done in about 5 minutes with Gold Finger 6.0. Five minutes.

For instance, if you wanted to find out exactly -
  1. who can reset whose passwords in an Active Directory containing 20,000 accounts
  2. who can create user accounts where in an Active Directory containing a 1000 OUs
  3. who can change the security group memberships of each one of over 5,000 groups
  4. who can delete which user accounts in an Active Directory containing over 10,000 accounts
... all you'd have to do is touch a button, and give it a few minutes. That's it.
Incidentally, in order to make any of the determinations listed above, one needs to analyze millions of security permissions and determine effective permissions on 1000s of objects. With Gold Finger, one can make these determinations in minutes. Without Gold Finger, making the same determinations could take months or even years.

This primarily being a technical blog, here's an enumeration of Gold Finger’s technical capabilities (listed in increasing order of difficulty) –
  1. Generate 100+ fully customizable (via LDAP filters) security audit reports, with scope control and scope depth control
  2. Enumerate the complete group membership of any Active Directory Security group, as well as view group nesting details
  3. Enumerate the complete list of security groups to which a domain user or computer account belongs
  4. View the contents of any domain user’s domain-specific and machine-type specific access token
  5. View the ACL of any Active Directory object, both in a simple view and in a detailed view that provides unmatched clarity
  6. Export/dump the ACLs of all objects in an Active Directory tree, with the ability to control tree depth
  7. Perform comprehensive Active Directory permissions analysis/reporting, with unmatched flexibility in filter specification
  8. Determine true effective permissions on any object in any Active Directory partition
  9. Enumerate the list of all administrative tasks delegated on a given Active Directory object, including a list of delegatees
  10. Find out exactly who has what effective administrative access, where and how across an entire Active Directory domain

Of course, each of the enumerations listed above can be done on-demand within mintues, at the touch of just ONE button.

Designed to Empower YOU

Gold Finger 6.0 is the embodiment of over half a decade of innovative cyber security research and development. Built at a cost of almost $10 million, today, it makes what is generally considered impossible as easy as touching a button.

We primarily built Gold Finger to help organizations worldwide swiftly and reliably mitigate the world's #1 cyber security risk - Active Directory Privilege Escalation based on the identification and exploitation of unauthorized grants in Active Directory deployments.

Along the way, we also got great feedback from some of the world's best Active Directory Security Practioners, most of whom are our customers today, and we embraced their feedback, resulting in the addition of over half a dozen valuable capabilities ranging from basic security audit reporting to true effective permissions.

In essence, we built this tool to empower all IT personnel worldwide, who, in our humble opinion, play a very important role in the protection of their organizations, because they help secure and defend the very foundation of their organizations, and because they work tirelessly to keep the lifeline of their organizations, the Active Directory, up and running, safe and sound, round-the-clock.

They already have a LOT on their plates, and the least we can do is empower them to obtain the mission-critical insight they need to keep their Active Directory deployments safe and secure at all times, quickly and easily, so they don't have to put in hundreds of hours to accomplish something that can now be done within minutes.

I personally have the greatest respect for all IT personnel, and I dedicate Gold Finger 6.0 to them. This one's for all of you, because the work that you do is VERY important, and I for one, know and deeply respect that. 

Kindest regards,

PS: With this behind us, you can expect me to get back to blogging again, very soon.