Microsoft Active Directory (AD) is one of the technologies predominantly used in organizations around the world. While we all know its purpose, most of the time it keeps growing and becomes convoluted, with uncontrolled Organizational Units and ever-growing numbers of users, computers, policies, integrations, etc. While administrators remain busy putting out fires at work, they rarely get time to optimize, tune, or clean up AD, deploy best practices on it, or lock it down by implementing good security controls.
Enter PingCastle. I found this tool through an auditor who was using mimikatz to perform a pentest on an AD, and I found it to be super valuable. It may help AD admins quickly identify some of the areas that they can fix within their AD deployments. The entire PingCastle project is written in C# and is available on GitHub at: https://github.com/vletoux/pingcastle
It is an AD security assessment tool, designed to quickly assess the AD security level with a methodology based on a risk assessment and maturity framework.
Features of PingCastle
To learn more about this tool, please visit https://www.pingcastle.com/