CyCraft Active Directory Attack Path Assessment is a rapid and
comprehensive solution uniquely designed to uncover
vulnerabilities in Active Directory and deliver actionable steps
for mitigation and remediation.
CyCraft ADAPA thoroughly evaluates your AD and delivers actionable insight into misconfigurations,
locates potential attack paths, and rapidly gets you in line with best practices.
AD VISUALIZATION
AD object relationship visualization analysis covers various AD objects including User, Endpoint, Group, OU, Container, GPO, MSI, and Certificate Template
AD SECURITY POSTURE
Automatically measure the security of AD field accounts and evaluate information security indicators
EDR INTEGRATION
Integrate Xensor EDR, aggregate account activity in the actual field, and automatically strengthen account defense
ADMIN ACCOUNTS
Dig deep into potential network management (Tier-0) accounts in the domain to find hidden permission management problems
ATTACK PATH SIMULATION
AI algorithm comprehensively analyzes more than 40 types of account and permission relationships on AD
ACCOUNT ASSESSMENT
Account permission analysis includes: high-risk attributes, service account attributes, abnormal groups and permission settings, rare special permissions, ADCS, LAPS, SPN, AS-REP Roasting, and DCSync
CyCraft ADAPA thoroughly evaluates your AD and delivers actionable insight into misconfigurations,
locates potential attack paths, and rapidly gets you in line with best practices.
AD VISUALIZATION
AD object relationship visualization analysis covers various AD objects including User, Endpoint, Group, OU, Container, GPO, MSI, and Certificate Template
AD SECURITY POSTURE
Automatically measure the security of AD field accounts and evaluate information security indicators
EDR INTEGRATION
Integrate Xensor EDR, aggregate account activity in the actual field, and automatically strengthen account defense
ADMIN ACCOUNTS
Dig deep into potential network management (Tier-0) accounts in the domain to find hidden permission management problems
ATTACK PATH SIMULATION
AI algorithm comprehensively analyzes more than 40 types of account and permission relationships on AD
ACCOUNT ASSESSMENT
Account permission analysis includes: high-risk attributes, service account attributes, abnormal groups and permission settings, rare special permissions, ADCS, LAPS, SPN, AS-REP Roasting, and DCSync
In analyses performed for customers, we have encountered large scale AD deployments (7,000 to 60,000 endpoints) with several AD Tier-0 accounts that were not known to the customers’ IT or security teams.
The actual number of Tier-0
accounts is on average
the number known to the
customer.
Known Tier-0 Accounts
Discovered Tier-0 Accounts
72%
of AD are successfully
compromised by Red Teaming.On average an AD is compromised in 11.5 days.
The shortest time is 3 days.
“We have performed information security audits in the past. Although we can find several clear paths to attack AD, the company has tens of thousands of accounts and is often worried that there are other paths.”
“This time, using EDR and Red Teaming, combined with CyCraft’s simulated attack path analysis, we can find all of the paths to attack AD, quantify the attack probability on the path and our team can follow the map to completely block any possible attack.”
— CISO of Taiwan Listed Company, May 2022
We’re ready to work together with you to secure your digital environment.
