Today Cyber Security plays a paramount role in global security. On this blog, the CEO of Paramount Defenses shares rare insights on issues related to Cyber Security, including Privileged Access, Organizational Cyber Security, Foundational Security, Windows Security, Active Directory Security, Insider Threats and other topics.


June 23, 2016

The Need for a Trustworthy Free Active Directory Audit Tool

Folks,

Starting July 04, 2016, we're going to start addressing certain matters of cyber security that today have a global impact on the security of a majority of business and government organizations worldwide.


Until then, over the next few days, I just wanted to very briefly cover a few technical aspects.


Today, I wanted to briefly provide some clarity on the need for a trustworthy free Active Directory Audit Tool -

Free Active Directory Audit Tool

Now you might be wondering why a free Active Directory Audit Tool deserves any mention on a blog on cyber security.

There's a very good reason for that, as elucidated below.



Cyber Security 101

"Law #1 of the 10 Immutable Laws of Security states that if a bad guy can persuade you to run his program on your computer, it's not your computer anymore."

A corollary of this law is that if you yourself download and run a program possibly written by a bad guy on your computer, it may not be your computer anymore, and if you’re a privileged user, your network may no longer be your network either.

To make a long story short, if a privileged user, such as an Active Directory Domain Admin, were to download and run software from the Internet that happened to be malicious in nature, since that software would be running in Domain Admin context in that organization, it could cause substantial damage and result in a major cyber security breach.

In fact, depending on the expertise of the author of that malicious software, its execution could not only enable the perpetrator to exfiltrate large amounts of data, it could also possibly cause massive automated destruction of organizational IT assets.



A Worrisome Situation

For months now, our cyber intelligence has indicated that to this day thousands of IT personnel from thousands of organizations worldwide continue to search for a free Active Directory Audit Tool.


(It's worth pausing for a moment to) think about that!

A majority of these IT personnel are administrative personnel at prominent business and government organizations worldwide. They often serve in capacities such as System Admins, Domain Admins etc. and by virtue of their responsibilities typically possess vast and usually unrestricted privileged access in their foundational Active Directory deployments.




One. (Just One.)

Imagine an individual in such a capacity searching for and downloading a free tool from the Wild Wild Web, and then running it, even if once, to fulfill a need. In all likelihood, that tool will run in a privileged security context, typically Domain Admin or the like, because in essence, that individual will be logged in using their administrative account when running such a tool.

Now imagine a scenario wherein the tool that this individual downloaded and ran (even if only once) happened to be malicious in nature, written and uploaded by a malicious entity, such as a professional hacker or an Advanced Persistent Threat (APT).

You don't need a PhD in Cyber Security to conclude that in such a scenario, even if that administrative individual were to run such a tool ONCE, it could result in a security compromise, and possibly grant the perpetrator a door into, and possibly vast control, if not full control, over the organization's IT infrastructure.

In short, just one IT admin need download and execute just one malicious piece of software in their corporate environment just one time, and it's effectively GAME OVER.



They Know

In addition to various nefarious entities (e.g. professional hackers, organized crime syndicates etc.) in the Western world, many others, including the Russians and Chinese, not only possess deep Windows and Active Directory technical expertise, they also know that many IT personnel actively seek and download a variety of free tooling, so it would not be unreasonable to assume that they could exploit this knowledge to their malicious gain.

I'll let you infer where I'm going with this; the astute mind should have no problem connecting the dots.



A Trustworthy Alternative

In light of the above, the fact that our cyber intelligence indicates that to this day thousands of IT personnel from thousands of organizations worldwide continue to search for a free Active Directory Audit Tool was quite unsettling and concerning.

Ideally, today no organization should allow the use of free tooling of any kind in their environments.


Ideally, the CISOs of all organizations should immediately establish and enforce a cyber security policy prohibiting the use of free tooling of any kind in their IT environments by all IT personnel, whether employees or contractors.

Unfortunately, our cyber intelligence indicates that even this basic cyber security 101 measure today largely remains just an ideal, and in most organizations worldwide, IT personnel still seek and rely on free tooling to fulfill various needs.

In other words, the reality on the ground is FAR from ideal.

In light of this reality, we felt that it was imperative to provide organizations worldwide a trustworthy alternative when it comes to free Active Directory audit tooling.


Thus, about two months ago we released a limited free version of our flagship Gold Finger Active Directory Audit Tool.

This limited free version shares the same code-base as does our flagship Gold Finger Active Directory Audit Tool, which today is not only the Gold Standard for Active Directory Audit Tooling, but also the world's most trustworthy Active Directory Audit Tool, trusted by the world's most powerful business and government organizations and deployed in 6 continents worldwide.

It is my privilege to share with you that in less than 50 days of its release, our novel free Active Directory Audit Tool has been downloaded in 50+ countries worldwide and is being used by many of the world's top business and government organizations.



In Summary

If organizations must rely on free Active Directory Audit Tooling, it is our hope that at the very least they exercise sound judgment when choosing such tooling, because a poor choice could mean the difference between security and compromise.

As idealists, we hope that the day is not far where no organization allows the use of free tooling of any kind in their environments. As you'll hopefully agree, in today's world, there is simply no reason to rely on free tooling of any sort.

Unfortunately, based on the reality on the ground, that day seems far away, so until such a day arrives, the least we can do is to raise awareness about the inherent dangers in using untrustworthy free tooling, and provide them with a trustworthy free option.

The details on our free tool are over at - http://www.active-directory-security.com/2016/06/free-active-directory-audit-tool.html


Alright, my time's up. Thanks, and stay tuned.

Best wishes,
Sanjay

June 21, 2016

LDP.exe

Folks,

Starting July 04, 2016, we're going to start addressing certain matters of cyber security that today have a global impact on the security of a majority of business and government organizations worldwide.


Until then, over the next few days, I just wanted to very briefly cover a few technical aspects.


Today, I wanted to briefly cover a relatively little-known free Microsoft Active Directory analysis tool known as LDP.exe -

LDP.exe

LDP.exe is a free Microsoft utility that can help instantly obtain vast amounts of technical Active Directory configuration data.

Specifically, if you know what to look for and where to look for it, then LDP can help you find it within seconds. Of course, it also has substantial limitations, and that's where advanced tooling comes to the rescue, but there's still a lot of basic reconnaissance that a trusted insider or intruder could perform without detection using LDP.

So, why does a simple utility like LDP.exe deserve any real-estate on this blog?

Our online cyber security intelligence indicates that IT personnel from most organizations to whose Executive Leadership (Chief Executive Officers) we had sent The Paramount Brief a few weeks ago, are today starting to search for LDP.exe.


Is this a coincidence? Most likely, not.

In all likelihood, the right questions are finally being asked at the right levels, and as a consequence, the IT departments of these organizations are (finally) just starting to take a closer and deeper look at their foundational Active Directory deployments. (And, it's high time they did so.)

So, again, what does all this have to do with LDP.exe being covered on a blog focused on Cyber Security?

We anticipate that in months to come, 1000s of IT professionals and Cyber Security professionals from 1000s of organizations worldwide are going to be searching for LDP.exe, perhaps because that's possibly the (novice) advice they're likely getting from Microsoft, so they can start digging deeper into the current security state of their foundational Active Directory deployments.


We wanted to help them hit the ground running with LDP.exe because if you know as much as we do about Active Directory security, then you'll know that these organizations undeniably need to know the basic stuff, and more importantly a lot more, not just yesterday, but in fact ten years ago, so we put together a quick primer on LDP for them, a link to which can be found below.

We also wanted to advise them NOT to download LDP.exe from any source except from Microsoft's official download point on Microsoft's website, to minimize the possibility of downloading a potentially malicious version of LDP.exe that may have been built and put up by an Advanced Persistent Threat (APT) for reasons you can infer. (To the astute mind: YES, sadly Microsoft has not digitally signed LDP, thus necessitating this advice.)
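One way to apply this advice before a downloaded tool is ever run, shown as an added example that is not part of the original post or any vendor's code: the function below reports the Authenticode status, compares the SHA-256 against a value obtained out-of-band, and flags whether the current session carries Domain Admins membership. The function name `Test-DownloadedTool`, its parameters, the verdict strings and the placeholder hash are assumptions made for illustration.

```powershell
# Added example: vet a downloaded admin tool before running it.
# Test-DownloadedTool and its parameter names are hypothetical.
function Test-DownloadedTool {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        # SHA-256 obtained out-of-band from a source you trust
        [string] $ExpectedSha256,
        # Publisher name expected in the signer certificate subject
        [string] $ExpectedPublisher
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName
    $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash

    # The Zone.Identifier stream marks files that were downloaded from the Internet
    $zone = Get-Content -LiteralPath $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue

    # Does the current token carry Domain Admins (well-known RID 512)?
    $groups  = [Security.Principal.WindowsIdentity]::GetCurrent().Groups
    $isAdmin = [bool]($groups | Where-Object { $_.Value -match '^S-1-5-21-.*-512$' })

    # A valid signature only counts when it comes from the expected publisher
    $signerOk = ($sig.Status -eq 'Valid') -and $ExpectedPublisher -and
                ($sig.SignerCertificate.Subject -like "*$ExpectedPublisher*")
    # An unsigned binary can only be vouched for by a hash match
    $hashOk   = $ExpectedSha256 -and ($hash -eq $ExpectedSha256)

    $verdict = if (-not ($signerOk -or $hashOk)) { 'Do not run' }
               elseif ($isAdmin) { 'Verified; run it from a non-privileged account' }
               else { 'Verified' }

    [pscustomobject]@{
        Path                 = $file.FullName
        SignatureStatus      = $sig.Status
        Signer               = $sig.SignerCertificate.Subject
        Sha256               = $hash
        HashMatches          = [bool]$hashOk
        FromInternet         = [bool]($zone -match 'ZoneId=3')
        RunningAsDomainAdmin = $isAdmin
        Verdict              = $verdict
    }
}

# Placeholder hash: replace with the value published by the trusted source
Test-DownloadedTool -Path .\ldp.exe -ExpectedSha256 '<SHA-256 from a trusted source>'
```

For an unsigned binary, `SignatureStatus` comes back as `NotSigned`, so the verdict rests entirely on the hash comparison.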

So here's everything you need to know to download and get started with LDP - LDP.exe for Active Directory - Official Download Source, Usage, Tutorial and Examples.

Stay tuned.

Best wishes,
Sanjay