Close Tier 0 attack paths
Download Forest Druid

Version: Forest Druid 3.0.51

Note: Versions after 3.0.x are not compatible with data collected before 3.0.x. Data will need to be re-collected and classified.
  • Release Date

    Apr 2024

  • SHA256

    4BBC8658F9AB0650F7875ED70AB0CCFEFCF7C0B2725F148D93D1362B0FD2AB28

Please review the Forest Druid user guide for important information before unzipping and executing Forest Druid.

Forest Druid is a free attack path discovery tool, natively compatible with Active Directory, that helps cybersecurity defensive teams quickly prioritize high-risk misconfigurations that could represent opportunities for attackers to gain privileged domain access. Forest Druid helps organizations 1) identify the groups and accounts with access to Tier 0 assets, 2) define Tier 0 assets otherwise missed by default configurations, 3) scan AD for high-risk violations, and 4) protect Tier 0 assets by applying the analysis results to prioritize remediation and cut down excessive privileges with a focus on Tier 0 assets.

 

The user running Forest Druid must have Read permissions to Active Directory. Although the user is not required to be a Domain Admin, users with Domain Admin privileges will be able to see more information. Forest Druid collects data from all domains in the Active Directory forest where the current domain to which the currently logged-in user belongs.