Purple Knight Update Includes 11 New Pre-attack and Post-attack Security Indicators Mapped to Industry Frameworks Such as MITRE ATT&CK and Adds Support for French ANSSI Framework

HOBOKEN, N.J.–(BUSINESS WIRE)–Semperis, the pioneer of identity-driven cyber resilience for enterprises, today announced the general availability of Purple Knight 1.3, a free security assessment tool built to enhance organizations’ ability to fight identity-related cyberattacks by automatically uncovering Active Directory security weaknesses. The latest update to Purple Knight includes security indicators and prescriptive guidance to detect and remediate recent Microsoft vulnerabilities in the Windows Print Spooler service (PrintNightmare) and PetitPotam, bugs that attackers can exploit to gain full Domain Admin permissions in an organization. These exploits of Microsoft security flaws are the latest tactics that ransomware groups such as Vice Society and Magniber are using to unleash ransomware attacks, according to ZDNet.

“With PrintNightmare and PetitPotam, we continue to see high-impact attack vectors on Windows domains crop up, making it relatively easy for attackers to gain access to environments and very difficult for defenders to mitigate,” said Ran Harel, Semperis Senior Security Product Manager. “With this Purple Knight release, we’re sharing with the community—free of charge—the security indicators that our threat research team initially released to Directory Services Protector customers immediately after the vulnerabilities surfaced in the wild. The intent of Purple Knight is to help organizations—especially those without deep Active Directory experience on staff—detect these weaknesses that are often hard to diagnose and can open the door to devastating attacks.”

Purple Knight 1.3, which brings the total number of pre-attack and post-attack indicators to 75, now maps security indicators to the French National Agency for the Security of Information Systems (ANSSI) framework, in addition to the MITRE ATT&CK framework, which was supported with the first release of the tool.

Since its initial release in March 2021, Purple Knight has tapped an unmet need to identify and address security gaps in Active Directory, the primary identity store for 90% of businesses worldwide and a prime target for cybercriminals because of easily abused AD misconfigurations and the proliferation of sophisticated hacking tools. Thousands of IT and security professionals have downloaded the free tool, and in initial reports, organizations reported average scores of 61%—a barely passing grade. Large organizations fared the worst, challenged by legacy implementations and complex environments further complicated by merger and acquisition activity.

Purple Knight is a standalone utility that scans the Active Directory environment for Indicators of Exposure (IOEs) and Indicators of Compromise (IOCs) and provides a report that includes:

  • An overall Active Directory security score plus scores in five individual categories: Account security, Active Directory delegation, Group Policy security, Active Directory infrastructure, and Kerberos security
  • Details about the detected pre-attack and post-attack security indicators and the probability of compromise
  • Correlation of results to MITRE ATT&CK and ANSSI frameworks

Leading global security-as-a-service and solution providers use Purple Knight to conduct security audits of their customers’ environments.

“With Purple Knight, we have the power of elite Active Directory domain expertise packaged into an easy-to-use, extremely powerful tool,” said Chris Vermilya, Director of Identity and Access Management (IAM) at Fishtech Group. “The tool safely uncovers weak configurations in client environments and helps us quickly close the gaps before attackers can exploit them. Since Active Directory is such a critical system that is constantly targeted, Purple Knight goes a long way in hardening organizational security, starting at the most common initial access point.”

In addition to the new indicators and security framework tagging, Purple Knight 1.3 now includes a separate log file with scan results, scores, and results messages. For more information, visit

About Semperis
For security teams charged with defending hybrid and multi-cloud environments, Semperis ensures integrity and availability of critical enterprise directory services at every step in the cyber kill chain and cuts recovery time by 90%. Purpose-built for securing hybrid Active Directory environments, Semperis’ patented technology protects over 50 million identities from cyberattacks, data breaches, and operational errors. The world’s leading organizations trust Semperis to spot directory vulnerabilities, intercept cyberattacks in progress, and quickly recover from ransomware and other data integrity emergencies. Semperis is headquartered in New Jersey and operates internationally, with its research and development team distributed between San Francisco and Tel Aviv.

Semperis hosts the award-winning Hybrid Identity Protection conference ( The company has received the highest level of industry accolades and was recently ranked #157 in the 2021 Inc. 5000 list,, the most prestigious ranking of the nation’s fastest-growing private companies. Semperis is accredited by Microsoft and recognized by Gartner.



Caroline Morey
fama PR for Semperis