Close Tier 0 attack paths
Download Forest Druid
Note: Versions after 3.0.x are not compatible with data collected before 3.0.x. Data will need to be re-collected and classified.
-
File Type
.zip
-
File Size
197MB
-
Release Date
May 2025
-
SHA256
63019A4A1CE1A5A3269FDEA641B0C212C148374BA3E8CE32E8513ED8CA05BFF3
Please review the Forest Druid user guide for important information before unzipping and executing Forest Druid.
Forest Druid is a free attack path discovery tool, natively compatible with Active Directory, that helps cybersecurity defensive teams quickly prioritize high-risk misconfigurations that could represent opportunities for attackers to gain privileged domain access. Forest Druid helps organizations 1) identify the groups and accounts with access to Tier 0 assets, 2) define Tier 0 assets otherwise missed by default configurations, 3) scan AD for high-risk violations, and 4) protect Tier 0 assets by applying the analysis results to prioritize remediation and cut down excessive privileges with a focus on Tier 0 assets.
The user running Forest Druid must have Read permissions to Active Directory. Although the user is not required to be a Domain Admin, users with Domain Admin privileges will be able to see more information. Forest Druid collects data from all domains in the Active Directory forest where the current domain to which the currently logged-in user belongs.