Wednesday, April 21, 2021

Introducing the $ 10,000 Gold Finger Mini Challenge


I hope this finds you doing well. Today, we are announcing our first $ 10,000 global Gold Finger Mini Challenge.

The $ 10,000 Gold Finger Mini Challenge

We are excited to announce an award of US $ 10,000/- to the first individual who can identify any solution in the world, other than Gold Finger, that can demonstrably do what Gold Finger Mini can, i.e. instantly and accurately determine exactly who can enact the most critical privileged administrative tasks in an Active Directory domain.

Here are the Top 5 Active Directory Privileged Access Audit Insights that Gold Finger Mini can uniquely provide -   
  1. Who can replicate secrets (password hashes) from an Active Directory domain? 
  2. Who can change security permissions on the AdminSDHolder object?
  3. Who can change the membership of the Domain Admins security group?
  4. Who can reset an Active Directory privileged user account's password?
  5. Who can disable the use of Smartcards on an Active Directory user account?

The need to know exactly who can enact these privileged tasks is absolutely essential to securing Active Directory.   

The Challenge

The challenge is simple. All you need to do is -
  1. Try the free version of Gold Finger Mini, downloadable from here, to become familiar with its unique capabilities.

  2. Identify any solution in the world, other than Gold Finger, that you believe can do what Gold Finger Mini can.
    Specifically, identify any solution in the world that can accurately deliver the 5 paramount insights listed above.

  3. Compare and verify the results of the identified solution with Gold Finger Mini's results in the same AD domain. For your convenience, a ready to use lab AD domain with Gold Finger Mini pre-installed, can be downloaded from here.

If you believe you have found a solution, email its name to us at challenge[@] If you don't find a solution, but wish to be eligible for our next challenge (see below), email us and let us know that you didn't find a solution.  

That's it!

List of Active Directory Security Solutions

The following is a list of various Active Directory Security Solutions available today, listed in alphabetical order -
  1. Acldiag (Microsoft)
  2. Aclight (CyberArk)
  3. Active Directory ACL Analyzer* (Paramount Defenses)
  4. Active Directory ACL Exporter* (Paramount Defenses)
  5. Active Directory Effective Permissions Calculator* (Paramount Defenses)
  6. Active Directory Effective Access Auditor* (Paramount Defenses)
  7. Active Directory Membership Auditor* (Paramount Defenses)
  8. Active Directory Permissions Analyzer* (Paramount Defenses)
  9. Active Directory Permissions Reporting Tool (ManageEngine)
  10. Active Directory Privileged Access Auditor* (Paramount Defenses)
  11. Active Directory Security Auditor* (Paramount Defenses)
  12. AD ACL Scanner (Robin Granberg ?)
  13. AD Permissions Reporter (CJWDev)
  14. AD Secure (Attivo Networks)
  15. AD Assessor (Attivo Networks)
  16. Alsid for AD (Alsid)
  17. BeyondTrust Auditor (BeyondTrust)
  18. Bloodhound (SpectreOps)
  19. CrowdStrike Falcon Identity Protection (CrowdStrike)
  20. Dsacls (Microsoft)
  21. Directory Service Protector (Semperis)
  22. Effective Permissions Reporting Tool (Netwrix)
  23. Enterprise Reporter for Active Directory (Quest)
  24. Hyena (Systemtools)
  25. LepideAuditor (Lepide)
  26. Permissions Analyzer for Active Directory (SolarWinds)
  27. Ping Castle (Ping Castle)
  28. PowerShell for Active Directory (Microsoft)
  29. Purple Knight (Semperis)
  30. StealthAUDIT Active Directory Permissions Analyzer (Stealthbits)
  • * These tools are a part of the Gold Finger Suite and are thus not eligible for consideration

If there are any tools that are not on this list but should be, simply leave a comment below, and we will add them to the list.

Submission Deadline

The deadline for submitting an entry is May 16, 2021 i.e. all entries received by 23:59:59 U.S. Pacific Standard Time (PST) on May 16, 2021 will be eligible for participation. The winner will be announced on May 20, 2021 on this blog.

The timestamp at which your email is received will determine the order of submissions. The first submission that identifies a solution other than Gold Finger, that can accurately do what Gold Finger Mini can i.e. deliver the 5 paramount insights listed above, will be the winner. If no submission is able to demonstrably identify such a solution, there will be no winner.

The Next Challenge

We will be issuing our next challenge on May 21, 2021. The reward for the next challenge will be US $ 25,000/-. However, only those individuals who participate in this challenge will be eligible to participate in the next challenge.  

We hope that this will be a fun, rewarding and educational challenge for all IT and cyber security professionals worldwide, and we look forward to hearing from everyone who understands the paramount importance of Active Directory Security.

Thank you.

Kindest regards,
Sanjay Tandon.

Paramount Defenses

Your participation is subject to the Terms of Use of our website and our Privacy Policy. No purchase is necessary to participate in this challenge. This challenge is open to citizens of all nations except Cuba, Iran, North Korea, Syria, Yemen and those against which the U.S. Government may have imposed sanctions.

No comments:

Post a Comment

Paramount Defenses Logo

© 2006 - 2024 Paramount Defenses.
All Rights Reserved.

Your Privacy

We use cookies to give you the best online experience. Please let us know if you accept these cookies.