Additional AD Auditing Techniques
AD with AD Explorer
With AD Explorer, we can create a snapshot of the Active Directory database to conduct further offline analysis. A snapshot can be used as point of comparison for any changes have been made in the domain. AD Explorer also gives a GUI interface to view and make changes to AD objects.
We can login with any domain user credentials.
PingCastle
PingCastle can provide a security assessment of an AD environment based on the Capability Maturity Model Integration as well as collecting many information about the domain objects and relationships between them. Results are displayed through several maps and graphs in .html report.
Healthcheck
status is the default mode and gives an overall security risk score for the domain. Scanner perform several check for recent vulnerabilities and misconfigurations.
Group3R
Group3R helps to identify security flaws relating to Group Policy. The tool has to be run in the context of domain user (not privileged) and from a domain host.
ADRecon
ADRecon is an automated script to collect information about an Active Directory Environment. The output is stored in a .HTML and .CSV files (Excel need to be installed).
GroupPolicy
PowerShell module needs to be installed for collecting information about Group Policy.
Last updated