Security firm releases free Purple Knight tool to spot weaknesses in Active Directory

The AD report card scores the security of Group Policies, Kerberos security and AD infrastructure.


Between weak passwords and stolen credentials, companies need all the help they can get to strengthen cyberdefenses against bad actors always looking for a new way in. Security firm Semperis built Purple Knight to make it easy for companies to patch holes in Active Directory security. The tool was announced on March 16.

The free tool assesses permissions across an organization to look for weaknesses. 

Darren Mar-Elia, vice president of products at Semperis, said in a press release that Purple Knight addresses a need that has become more pronounced in the wake of the Exchange Server Hafnium attack.

"Any large organization that has had Active Directory deployed for a long time is going to have weaknesses in their security posture, which means that if attackers got in, they would find it easy to exploit these vulnerabilities," he said. 


Purple Knight assesses these elements of Active Directory: AD delegation, account security, Group Policy security, Kerberos security and AD infrastructure security. Purple Knight gives an overall score and one for each of the five test categories. The report card explains the results of each test including the likelihood of compromise and suggested remediation steps. 

In a video explaining how Purple Knight works, Mar-Elia said these tests change over time based on the company's monitoring of the most recent attack paths and its cybersecurity research on common attack paths.

The explanation of each security indicator includes the severity of the risk, the weight of that indicator in the overall risk score, the likelihood of compromise and the corresponding MITRE ATT&CK tactics, techniques and procedures.

Mickey Bresman, CEO of Semperis, said in a press release that inherent Active Directory vulnerabilities have the potential to compromise an organization's entire security infrastructure, which puts pressure on AD managers and security teams to stay ahead of the threats.

"However, securing AD can be difficult given its constant flux and the relatively limited number of AD security specialists in the world," he said.

Bresman said Purple Knight can help companies lock down AD by safely challenging cyber defenses, finding weak spots, and taking immediate action to solve those problems.

According to Semperis, users of the tool reported an average failing score of 61%, with Kerberos security being the top risk area with an average score of 43%. Other category scores from initial results were 58% for Group Policy security, 59% for account security, 68% for AD delegation, and 77% for AD infrastructure security.

The company also reported in the press release that some common AD vulnerabilities identified by Purple Knight include: 

  • Password policies that are inadequate for modern account protection
  • Accounts with elevated privileges that have not been adequately reviewed
  • Accounts with delegated permissions over Active Directory that have grown over time and have unwanted consequences for AD security
  • Weaknesses in Kerberos usage that are often exploited to gain privileged access
  • Weak Group Policy configuration, which creates a variety of security risks 

Security teams copy Purple Knight's files into a folder on a domain-joined machine and run the security assessment of Active Directory from there.

Purple Knight will initially be distributed through an approved network of partners who have all tested the tool, the company announced in a press release. 


By Veronica Combs

Veronica Combs is a senior writer at TechRepublic. For more than 10 years, she has covered technology, healthcare, and business strategy. In addition to her writing and editing expertise, she has managed small and large teams at startups and establis...