Active Directory holds the “keys to the kingdom,” and if it is not safeguarded properly, your entire security infrastructure will be compromised. Purple Knight is a free Active Directory security assessment tool built and managed by an elite group of Microsoft identity experts.
Attackers take advantage of weak Active Directory configurations to identify attack paths, access privileged credentials, and get a foothold into target networks. Purple Knight queries your Active Directory environment and performs a comprehensive set of tests against the most common and effective attack vectors to uncover risky configurations and security vulnerabilities. You receive prioritized, corrective guidance to close gaps before they get exploited by attackers.
To lock down Active Directory, you must think like an attacker. Purple Knight maps pre- and post-attack security indicators to the MITRE ATT&CK framework, offering an overall risk score along with the likelihood of compromise and specific remediation steps. You can proactively harden your Active Directory against new adversary tactics and techniques with built-in threat modeling, which is constantly updated by a team of security experts.
The hard truth is that Active Directory is a soft target for attackers attempting to steal credentials and deploy ransomware across your network. But securing Active Directory is difficult given its constant flux, the sheer number of settings, and an increasingly sophisticated threat landscape. And with easy access to powerful hacking tools, even small-time criminals can be just as dangerous as sophisticated nation-state adversaries. Purple Knight is on a mission to help organizations combat the deluge of escalating attacks targeting Active Directory. Regardless of company size or industry, we believe that security programs must be empowered to safely challenge their defenses, find weak spots, and take immediate action.
Comments and Reviews
The tool may be great, but the download is hidden behind a contact form and a unique download link is sent by email. Then running it complains about the PowerShell script execution policy (which can be easily changed) and also about an untrusted network location, which is weird. By comparison, PingCastle runs without such errors. Also, PK can be run only on a domain-joined computer, which is absolutely unhandy for audits.