Close Tier 0 attack paths
Download Forest Druid
Note: Versions after 3.0.x are not compatible with data collected before 3.0.x. Data will need to be re-collected and classified.
-
File Type
.zip
-
File Size
197MB
-
Release Date
Dec 2024
-
SHA256
BC7F2CB8786636F0A830C7591820256228558A36C5ECAEA0620287248667A312
Please review the Forest Druid user guide for important information before unzipping and executing Forest Druid.
Forest Druid is a free attack path discovery tool, natively compatible with Active Directory, that helps cybersecurity defensive teams quickly prioritize high-risk misconfigurations that could represent opportunities for attackers to gain privileged domain access. Forest Druid helps organizations 1) identify the groups and accounts with access to Tier 0 assets, 2) define Tier 0 assets otherwise missed by default configurations, 3) scan AD for high-risk violations, and 4) protect Tier 0 assets by applying the analysis results to prioritize remediation and cut down excessive privileges with a focus on Tier 0 assets.
The user running Forest Druid must have Read permissions to Active Directory. Although the user is not required to be a Domain Admin, users with Domain Admin privileges will be able to see more information. Forest Druid collects data from all domains in the Active Directory forest where the current domain to which the currently logged-in user belongs.