Skip to content

AD and Azure AD Auditing

Several Active Directory and Azure Active Directory (Azure AD) vulnerabilities have been made popular with tools like mimikatz or sites likes adsecurity.org. Some tools for Active Directory/Azure AD auditing include:

NameDescription
AdalancheAdalanche gives instant results, showing you what permissions users and groups have in an Active Directory. It is useful for visualizing and exploring who can take over accounts, machines or the entire domain, and can be used to find and show misconfigurations.
BloodHoundBloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. As of version 4.0, BloodHound now also supports Azure. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment. BloodHound is maintained by the BloodHound Enterprise team.
PingCastlePing Castle is a tool designed to assess quickly the Active Directory security level with a methodology based on risk assessment and a maturity framework. It does not aim at a perfect evaluation but rather as an efficiency compromise.
Purple KnightActive Directory and Azure AD vulnerabilities can give attackers virtually unrestricted access to your organization’s network and resources. Semperis built Purple Knight—a free AD and Azure AD security assessment tool—to help you discover indicators of exposure (IoEs) and indicators of compromise (IoCs) in your hybrid AD environment.