Close Tier 0 attack paths
Download Forest Druid
Note: Versions after 3.0.x are not compatible with data collected before 3.0.x. Data will need to be re-collected and classified.
-
File Type
.zip
-
File Size
210MB
-
Release Date
Jul 2024
-
SHA256
02E2D32E0174057D9AC755BE044A2176804268F1B200586A233FBB4C4302CA85
Please review the Forest Druid user guide for important information before unzipping and executing Forest Druid.
Forest Druid is a free attack path discovery tool, natively compatible with Active Directory, that helps cybersecurity defensive teams quickly prioritize high-risk misconfigurations that could represent opportunities for attackers to gain privileged domain access. Forest Druid helps organizations 1) identify the groups and accounts with access to Tier 0 assets, 2) define Tier 0 assets otherwise missed by default configurations, 3) scan AD for high-risk violations, and 4) protect Tier 0 assets by applying the analysis results to prioritize remediation and cut down excessive privileges with a focus on Tier 0 assets.
The user running Forest Druid must have Read permissions to Active Directory. Although the user is not required to be a Domain Admin, users with Domain Admin privileges will be able to see more information. Forest Druid collects data from all domains in the Active Directory forest where the current domain to which the currently logged-in user belongs.
