Purple Knight 1.4 is ready for download. This updated release of the free Active Directory security assessment tool includes new features and security indicators.
New features:
Scan results are automatically saved to an Excel file
ANSSI appendix that displays a breakdown of security indicators within the French National Agency for the Security of Information Systems (ANSSI) framework
Ability to customize Purple Knight with a logo
Ability to start a new scan without having to rerun the Purple Knight executable: Clicking the NEW SCAN button on the Report Summary page returns you to the Environment page to select the forest and domains to be assessed
Ability to view Purple Knight version and Semperis contact information: Click the More button in the top right corner of the screen to check for updates and view version information.
Ability to export the full report to .PDF or the scan result data to a series of .CSV files: The SAVE AS button on the Report Summary page gives you these additional options for saving the assessment report details.
New security indicators in Purple Knight 1.4:
Account Security:
Abnormal Password Refresh
Changes to Pre-Windows 2000 Compatible Access Group membership
Ephemeral Admins
Users and computers without readable PGID
AD Delegation:
Foreign Security Principals in Privileged Group
Users with permissions to set Server Trust Account
AD Infrastructure Security:
Dangerous Trust Attribute Set
gMSA not in use
Group Policy Security:
SYSVOL Executable Changes
Kerberos Security:
Write access to RBCD on DC
Write access to RBCD on krbtgt account
Active Directory holds the “keys to the kingdom,” and if not safeguarded properly, it will
compromise your entire security infrastructure. Purple Knight is a free Active Directory
security assessment tool built and managed by an elite group of Microsoft identity
experts.
Attackers take advantage of weak Active Directory configurations to identify attack
paths, access privileged credentials, and get a foothold into target networks. Purple
Knight queries your Active Directory environment and performs a comprehensive set of
tests against the most common and effective attack vectors to uncover risky
configurations and security vulnerabilities.
You receive prioritized, corrective guidance to
close gaps before they get exploited by attackers.
Spot weaknesses in Active Directory before attackers do.
To lock down Active Directory, you must think like an attacker.
Purple Knight maps pre- and post-attack security indicators to the MITRE ATT&CK framework, offering an overall
risk score along with the likelihood of compromise and specific remediation steps.
You can proactively harden your Active Directory against new adversary tactics and
techniques with built-in threat modeling.