
Wednesday, May 5, 2021

The $ 25,000 Gold Finger Mini Challenge

Folks,

I hope this finds you doing well. Today, we are announcing our second global Gold Finger Mini Challenge for US $ 25,000.





We are excited to announce an award of US $ 25,000/- to the first individual who can identify any solution in the world, other than Gold Finger, that can demonstrably do what the Advanced level of Gold Finger Mini can. Details below -



Here are the Top 7 Active Directory Privileged Access Audit Insights that the Advanced level of Gold Finger Mini can provide -
  1. Who can replicate secrets (password hashes) from an Active Directory domain? 
  2. Who can reset the password of an Active Directory domain user's account?
  3. Who can disable the use of Smartcards on an Active Directory account?
  4. Who can change an Active Directory security group's membership?
  5. Who can change security permissions on an Active Directory OU?
  6. Who can link a group policy (GPO) to an Active Directory OU?
  7. Who can create an Active Directory user account in an OU? 

The need to know exactly who can enact these privileged tasks is absolutely paramount.



Paramount Privileged Access Insights

The unauthorized, accidental or coerced enactment of virtually all administrative tasks listed above could instantly result in a colossal breach far greater (damaging) in impact than even the recent SolarWinds Hack.


Consider this -
  1. Anyone who could replicate secrets from Active Directory, effortlessly enactable via the use of Mimikatz DCSync, could instantly compromise the credentials of all (thousands of) organizational domain user accounts, resulting in a colossal breach bigger than the SolarWinds Hack.

  2. Anyone who could reset the password of a domain user account would in effect have instantly compromised the identity of that account, such as that of a C-Level Executive, a Software Developer etc. He/she could then login as that account and instantly obtain access to everything that account has access to. If the target were an Active Directory privileged user account, it would be tantamount to a colossal, system-wide breach.

  3. Anyone who could disable the use of Smartcards for interactive logon would in effect have downgraded security on that account, forcing authentication to be password-based, and a simple password reset of that domain user account could be used to instantly compromise it.

  4. Anyone who could change the membership of a domain security group could instantly obtain domain-wide access to all IT resources that the compromised group has access to, such as All Employees, Source-Code Access, AccountingCloud Global Admins etc. If the target were an Active Directory privileged group, such as Domain Admins, it would be tantamount to a colossal, system-wide breach.

  5. Anyone who could modify the security permissions on an Active Directory OU could easily gain privileged access on all Active Directory objects e.g. user accounts, computers, security groups, service connection points etc. that reside in that OU. In numerous ways, this could easily be used to elevate/escalate privilege and gain Domain Admin equivalent access, resulting in a colossal breach.

  6. Anyone who could link a GPO to an Active Directory OU could instantly control the security of all computers whose domain computer accounts reside in that OU. This could be used to easily circumvent all endpoint-protection controls, deliver malicious payloads or instantly unleash malware on thousands of domain-joined computers.

  7. Anyone who could create a domain user account in Active Directory could then use that account to engage in nefarious activities that couldn't be traced back to a uniquely identifiable individual, thereby enabling the perpetrator to evade accountability while engaging in nefarious recon or attack activities.  

Consequently, the need to know exactly who can enact these administrative tasks in an organization's foundational Active Directory deployment is absolutely paramount to organizational cyber security today. 




The $ 25,000 Challenge

Our challenge is simple. All you need to do is -
  1. Try the Advanced level of Gold Finger Mini, downloadable from here, to experience its unique capabilities.

  2. Identify any solution in the world, other than Gold Finger, that you believe can do what Gold Finger Mini can.

    Specifically - Identify any solution in the world that can accurately deliver the 7 paramount insights listed above.

  3. Compare and verify the results of the identified solution with Gold Finger Mini's results in the same AD domain. For your convenience, a ready to use lab AD domain with Gold Finger Mini pre-installed, can be downloaded from here.

If you believe you have found a solution, email its name to us at challenge[@]paramountdefenses.com. If you don't find a solution, but wish to be eligible for our next challenge (see below), email us and let us know that you didn't find a solution.  




List of Popular Active Directory Security Solutions

To help make it easy for you to find other solutions that you could compare Gold Finger Mini with, here is a list of various Active Directory Security Solutions available today, listed in alphabetical order -
  1. Acldiag (Microsoft)
  2. Aclight (CyberArk)
  3. Active Directory ACL Analyzer* (Paramount Defenses)
  4. Active Directory ACL Exporter* (Paramount Defenses)
  5. Active Directory Effective Permissions Calculator* (Paramount Defenses)
  6. Active Directory Effective Access Auditor* (Paramount Defenses)
  7. Active Directory Membership Auditor* (Paramount Defenses)
  8. Active Directory Permissions Analyzer* (Paramount Defenses)
  9. Active Directory Permissions Reporting Tool (ManageEngine)
  10. Active Directory Privileged Access Auditor* (Paramount Defenses)

  11. Active Directory Security Auditor* (Paramount Defenses)
  12. AD ACL Scanner (Robin Granberg ?)
  13. AD Permissions Reporter (CJWDev)
  14. AD Secure (Attivo Networks)
  15. AD Assessor (Attivo Networks)
  16. Alsid for AD (Alsid)
  17. BeyondTrust Auditor (BeyondTrust)
  18. BloodHound (SpecterOps)
  19. CrowdStrike Falcon Identity Protection (CrowdStrike)
  20. Dsacls (Microsoft)

  21. Directory Service Protector (Semperis)
  22. Effective Permissions Reporting Tool (Netwrix)
  23. Enterprise Reporter for Active Directory (Quest)
  24. Hyena (Systemtools)
  25. LepideAuditor (Lepide)
  26. Permissions Analyzer for Active Directory (SolarWinds)
  27. Ping Castle (Ping Castle)
  28. PowerShell for Active Directory (Microsoft)
  29. Purple Knight (Semperis)
  30. StealthAUDIT Active Directory Permissions Analyzer (Stealthbits)
  • * These tools are a part of the Gold Finger Suite and are thus not eligible for consideration

If there are any tools that are not on this list but should be, simply leave a comment below, and we will add them to the list.




Submission Deadline

The deadline for submitting an entry for our second challenge is May 16, 2021 i.e. all entries received by 23:59:59 U.S. PST on May 16, 2021 will be eligible for participation. The winner will be announced on May 20, 2021 on this blog.

The timestamp at which your email is received will determine the order of submissions. The first submission that identifies a solution other than Gold Finger, that can accurately do what Gold Finger Mini can i.e. deliver the 7 paramount insights listed above, will be the winner. If no submission is able to demonstrably identify such a solution, there will be no winner.




The Next Challenge

We will be issuing our next challenge on May 21, 2021. The reward for the next challenge will be US $ 50,000/-.
However, only those individuals who participate in this challenge will be eligible to participate in the next challenge.  




Summary

Almost all major breaches in the last decade, including the SolarWinds Hack, involved the compromise and misuse of just one Active Directory privileged user account. Of note, the SolarWinds hackers only targeted Active Directory environments.
The objective of this challenge is to help organizations as well as IT and cyber security personnel worldwide become aware of the paramount importance of knowing exactly who has what privileged access in Active Directory, and to help organizations realize just how substantially inadequate their existing Active Directory audit toolsets are today.

We hope that this will be an educational challenge for all IT and cyber security professionals worldwide, and we look forward to hearing from everyone who understands the paramount importance of Active Directory Security.


Thank you.

Kindest regards,
Sanjay Tandon.

Chairman and CEO,
Paramount Defenses


Your participation is subject to the Terms of Use of our website and our Privacy Policy.

Wednesday, April 21, 2021

Introducing the $ 10,000 Gold Finger Mini Challenge

Folks,

I hope this finds you doing well. Today, we are announcing our first $ 10,000 global Gold Finger Mini Challenge.



The $ 10,000 Gold Finger Mini Challenge


We are excited to announce an award of US $ 10,000/- to the first individual who can identify any solution in the world, other than Gold Finger, that can demonstrably do what Gold Finger Mini can, i.e. instantly and accurately determine exactly who can enact the most critical privileged administrative tasks in an Active Directory domain.


Here are the Top 5 Active Directory Privileged Access Audit Insights that Gold Finger Mini can uniquely provide -   
  1. Who can replicate secrets (password hashes) from an Active Directory domain? 
  2. Who can change security permissions on the AdminSDHolder object?
  3. Who can change the membership of the Domain Admins security group?
  4. Who can reset an Active Directory privileged user account's password?
  5. Who can disable the use of Smartcards on an Active Directory user account?

The need to know exactly who can enact these privileged tasks is absolutely essential to securing Active Directory.   



The Challenge

The challenge is simple. All you need to do is -
  1. Try the free version of Gold Finger Mini, downloadable from here, to become familiar with its unique capabilities.

  2. Identify any solution in the world, other than Gold Finger, that you believe can do what Gold Finger Mini can.
    Specifically, identify any solution in the world that can accurately deliver the 5 paramount insights listed above.

  3. Compare and verify the results of the identified solution with Gold Finger Mini's results in the same AD domain. For your convenience, a ready to use lab AD domain with Gold Finger Mini pre-installed, can be downloaded from here.

If you believe you have found a solution, email its name to us at challenge[@]paramountdefenses.com. If you don't find a solution, but wish to be eligible for our next challenge (see below), email us and let us know that you didn't find a solution.  

That's it!



List of Active Directory Security Solutions

The following is a list of various Active Directory Security Solutions available today, listed in alphabetical order -
  1. Acldiag (Microsoft)
  2. Aclight (CyberArk)
  3. Active Directory ACL Analyzer* (Paramount Defenses)
  4. Active Directory ACL Exporter* (Paramount Defenses)
  5. Active Directory Effective Permissions Calculator* (Paramount Defenses)
  6. Active Directory Effective Access Auditor* (Paramount Defenses)
  7. Active Directory Membership Auditor* (Paramount Defenses)
  8. Active Directory Permissions Analyzer* (Paramount Defenses)
  9. Active Directory Permissions Reporting Tool (ManageEngine)
  10. Active Directory Privileged Access Auditor* (Paramount Defenses)
  11. Active Directory Security Auditor* (Paramount Defenses)
  12. AD ACL Scanner (Robin Granberg ?)
  13. AD Permissions Reporter (CJWDev)
  14. AD Secure (Attivo Networks)
  15. AD Assessor (Attivo Networks)
  16. Alsid for AD (Alsid)
  17. BeyondTrust Auditor (BeyondTrust)
  18. BloodHound (SpecterOps)
  19. CrowdStrike Falcon Identity Protection (CrowdStrike)
  20. Dsacls (Microsoft)
  21. Directory Service Protector (Semperis)
  22. Effective Permissions Reporting Tool (Netwrix)
  23. Enterprise Reporter for Active Directory (Quest)
  24. Hyena (Systemtools)
  25. LepideAuditor (Lepide)
  26. Permissions Analyzer for Active Directory (SolarWinds)
  27. Ping Castle (Ping Castle)
  28. PowerShell for Active Directory (Microsoft)
  29. Purple Knight (Semperis)
  30. StealthAUDIT Active Directory Permissions Analyzer (Stealthbits)
  • * These tools are a part of the Gold Finger Suite and are thus not eligible for consideration

If there are any tools that are not on this list but should be, simply leave a comment below, and we will add them to the list.




Submission Deadline

The deadline for submitting an entry is May 16, 2021 i.e. all entries received by 23:59:59 U.S. Pacific Standard Time (PST) on May 16, 2021 will be eligible for participation. The winner will be announced on May 20, 2021 on this blog.

The timestamp at which your email is received will determine the order of submissions. The first submission that identifies a solution other than Gold Finger, that can accurately do what Gold Finger Mini can i.e. deliver the 5 paramount insights listed above, will be the winner. If no submission is able to demonstrably identify such a solution, there will be no winner.




The Next Challenge

We will be issuing our next challenge on May 21, 2021. The reward for the next challenge will be US $ 25,000/-. However, only those individuals who participate in this challenge will be eligible to participate in the next challenge.  




We hope that this will be a fun, rewarding and educational challenge for all IT and cyber security professionals worldwide, and we look forward to hearing from everyone who understands the paramount importance of Active Directory Security.

Thank you.

Kindest regards,
Sanjay Tandon.

CEO,
Paramount Defenses


Your participation is subject to the Terms of Use of our website and our Privacy Policy. No purchase is necessary to participate in this challenge. This challenge is open to citizens of all nations except Cuba, Iran, North Korea, Syria, Yemen and those against which the U.S. Government may have imposed sanctions.

Monday, February 22, 2021

Introducing the Paramount Defenses Online Store

Folks, 

As CEO of Paramount Defenses, it is my privilege and pleasure to unveil, introduce and launch the Paramount Defenses Online Store - Paramount Defenses Opens Online Store to Empower Organizations Worldwide

For some time now, we've had many organizations from across the world request us to provide them the capability to buy Gold Finger and Gold Finger Mini licenses online, so we're launching our online store to empower organizations to do so.



Instant Purchases & Flexible Licensing

Starting today, you can now buy a license of any of our Active Directory Audit products online from anywhere in the world. 

In addition, we are also introducing the ability to buy short-term licenses of all our twelve Active Directory Audit products so that organizations and IT professionals can now easily license our products on a monthly, quarterly or an annual basis.

With flexible short-term licensing options, organizations, IT professionals and consultants can easily license any tool for as little as one month or a quarter, for a fraction of the cost of an annual license, thereby cost-effectively fulfilling their needs.

Our organizational customers will continue to have the option to acquire annual licenses that provide maximum savings.



Now Open

Our online store is now open to serve organizations in 150+ countries worldwide - https://store.paramountdefenses.com.


Best wishes,
Sanjay

Wednesday, February 10, 2021

Introducing the Advanced Level of Gold Finger Mini

Folks, 

Today, I'd like to introduce you to the Advanced Level of Gold Finger Mini, quite possibly the world's most capable and powerful cyber security solution -
Gold Finger Mini is the world's only cyber security solution (other than Gold Finger) that can accurately and instantly find out and reveal exactly who has the most powerful privileged access in Active Directory, and its Advanced Level offers eight unrivaled fully-automated Active Directory Privileged Access reports that instantly determine and reveal who can enact the most powerful administrative tasks in Active Directory.



Unrivaled Privileged Access Insight

The reports in the Advanced Level of Gold Finger Mini were designed to empower IT personnel, Cyber Security Auditors, Penetration Testers, Ethical Hackers and CISOs at organizations worldwide to instantly and accurately determine exactly -

  1. Who can replicate secrets (password hashes) from an Active Directory domain?

  2. Who can reset any Active Directory domain user account's password?

  3. Who can disable the use of Smartcards on any Active Directory account?

  4. Who can change any Active Directory security group's membership?

  5. Who can change permissions on any Active Directory OU (Organizational Unit)?

  6. Who can change any Active Directory computer account's SPNs (Service Principal Names)?

  7. Who can link a group policy (GPO) to any Active Directory OU?

  8. Who can create an Active Directory user account in any OU?

The cyber security intelligence that these reports uniquely deliver is absolutely essential for securing Active Directory.

However, what you may not know is that, contrary to popular belief, it is very difficult to accurately find out who can enact these privileged tasks in Active Directory, because to do so, one needs to determine Active Directory effective permissions.

Gold Finger Mini is simply the world's only cyber security solution (other than Gold Finger) that can accurately determine effective permissions in Active Directory and accurately make these paramount determinations, at the touch of a button, so now everyone can instantly find out exactly who has the most powerful privileged access in any Active Directory. 




Instant, Unrivaled High-Value Intelligence

As you know, such critical information can be very valuable if you're performing an Active Directory Privileged Access Audit or an Active Directory Security Assessment or if you're trying to pen-test/ethically hack an organization's Active Directory.


If you could find out exactly who can replicate secrets (password hashes) from an Active Directory domain (e.g. by using Mimikatz DCSync), or who can change the membership of any Active Directory security group, such as Domain Admins, or who can reset the password of any domain user account, such as the Administrator account, or who can modify the ACL protecting an organizational unit (OU) that contains thousands of domain user and computer accounts etc. you'd be just one step away from being able to obtain Domain Admin level privileged access in an organization.

The Advanced Level of Gold Finger Mini empowers organizations to be able to instantly and accurately assess who has sufficient privileged access in Active Directory so as to be able to enact the most highly sensitive/powerful administrative tasks that could be used to escalate privilege and consequently gain access to just about any IT resource in an organization.


If you were on the defending side, you could instantly lock down privileged access in Active Directory to remove any and all such critical unauthorized access that could instantly result in a massive breach.

If you were on the attacking side (as an ethical hacker or a penetration tester), you could instantly identify the quickest and shortest privilege escalation path leading to any object of interest in Active Directory, whether it be the Administrator account or the CEO's domain user account, the Domain Admins security group or a security group that controls access to a specific organizational IT resource (e.g. Source code Access), any Smartcard enabled account, any organizational unit (OU) containing thousands of Active Directory objects, or the credentials of all domain user accounts in an organization.

With Gold Finger Mini, you can instantly make these paramount determinations at the touch of a button, in seconds, without requiring any admin access or having to do complex Active Directory permissions analysis. Click and done!



Summary

Gold Finger Mini democratizes the unique, high-value, unrivaled cyber security intelligence that our flagship Gold Finger tooling can deliver, and in doing so, it empowers thousands of organizations and millions of IT professionals worldwide to easily, cost-effectively and instantly obtain mission-critical Active Directory privileged access insights.

The Advanced Level of Gold Finger Mini empowers everyone to be able to instantly find out i.e. assess/audit exactly who has the most sensitive/powerful privileged access on virtually any object in any Active Directory domain in the world.

There's simply nothing in the world that compares to it, and to find out why, you just have to try it for yourself.

To learn more and to download the free version, please visit - www.paramountdefenses.com/products/goldfinger-mini
 

Best wishes,
Sanjay

Tuesday, February 2, 2021

Introducing Gold Finger Mini

Folks, 

As CEO of Paramount Defenses and as former Microsoft Program Manager for Active Directory Security, it is my privilege and pleasure to introduce Gold Finger Mini, possibly the world's most powerful and capable cyber security solution -
Gold Finger Mini is the world's only cyber security solution (other than Gold Finger) that can accurately and instantly find out and reveal exactly who has sufficient privileged access in Active Directory so as to be able to perform the most critical administrative tasks in an Active Directory environment, the enactment of which could result in an Active Directory breach.



Unrivaled Privileged Access Insight

Gold Finger Mini is simply the world's only solution that can instantly and accurately determine and reveal exactly -

  1. Who can reset my (as in your) Active Directory account's password?

  2. Who can reset an executive's Active Directory account's password?

  3. Who can reset an Active Directory privileged account's password?

  4. Who can change the Domain Admins security group's membership?

  5. Who can change security permissions on the AdminSDHolder object?

  6. Who can create an Active Directory account in the Users container?

  7. Who can link a group policy (GPO) to the Domain Controllers OU?

  8. Who can enable a disabled Active Directory account? 

You may know that anyone who can enact any privileged task in red above could instantly compromise Active Directory.

However, what you may not know is that, contrary to popular belief, it is very difficult to accurately find out who can enact these privileged tasks in Active Directory, because to do so, one needs to determine Active Directory effective permissions.

Gold Finger Mini is simply the world's only cyber security solution (other than Gold Finger) that can accurately determine effective permissions in Active Directory and accurately make these paramount determinations, at the touch of a button, so now everyone can instantly find out exactly who has some of the most powerful privileged access in any Active Directory. 




Instant High-Value Intelligence

As you know, such critical information can be very valuable if you're performing an Active Directory Privileged Access Audit or an Active Directory Security Assessment or if you're trying to pen-test/ethically hack an organization's Active Directory.


If you could find out exactly who can change the membership of the Domain Admins security group in Active Directory, or who can reset the password of any domain admin account, or who can modify the ACL protecting the AdminSDHolder object, you'd be just one step away from being able to obtain Domain Admin level privileged access in an organization.

If you were on the defending side, you could instantly lock down privileged access in Active Directory to remove any and all such critical unauthorized access that could instantly result in a massive breach, and if you're on the attacking side, you could instantly identify the quickest and shortest privilege escalation path leading to Domain Admin in an organization.   

With Gold Finger Mini, you can make these paramount determinations at the touch of a button, within seconds, without requiring any admin access or having to do complex Active Directory permissions analysis. One click and you're done! 
   


The Advanced Level

That's not all. What I have described above is merely what one can do at Basic level. There is also an Advanced level for professionals and the information it delivers is the most advanced Active Directory privileged access insight one can gain.  

I'll cover the Advanced level reports in a separate post because those reports are so powerful that the insights they reveal could be used to find out exactly who can enact what administrative tasks on almost any object in Active Directory, and that intel could easily be used to determine 1000s of privilege escalation paths to almost every object in Active Directory.



The Free Edition

Gold Finger Mini is available in two licensable (paid) editions and one free edition. In days to come, we will share details about the paid editions of Gold Finger Mini. Today, I just wanted to share this much with you, and let you know the power of Gold Finger is now available to everyone in Gold Finger Mini, and the free edition is now available on our website.

The free edition is 100% free, instantly downloadable and can be installed on any domain-joined machine in a minute.



Press Release

To summarize, Gold Finger Mini democratizes the unique, high-value, unrivaled cyber security intelligence that our flagship Gold Finger tooling can deliver, and in doing so, it empowers thousands of organizations and millions of IT professionals worldwide to easily, cost-effectively and instantly obtain mission-critical Active Directory privileged access insights.

For more info, and to download the free version, please visit - www.paramountdefenses.com/products/goldfinger-mini
 
      
Best wishes,
Sanjay
  

PS: This is the announcement I had alluded to a few days ago, and if you haven't yet figured out how this one little thing could profoundly impact foundational cyber security worldwide, don't worry, in a few days you will have figured it out :-)

© 2006 - 2021 Paramount Defenses.
All Rights Reserved.
