my personal blog about systemcenter

Thycotis Weak Password Finder and Microsoft Advanced Threat Analytics

Thycotic made a free tool available to check for bad password in Active Directory

UNCOVER YOUR MOST VULNERABLE SECURITY GAPS: FREE WEAK PASSWORD FINDER FOR ACTIVE DIRECTORY

https://thycotic.com/solutions/free-it-tools/

If we dig into the about file

The core functionality of this product has been inspired by Jakob Heidelberg https://www.linkedin.com/in/heidelberg and developed by Michael Grafnetter https://www.linkedin.com/in/grafnetter.

We can see where the inspiration and development came from , and thank you to Thycotic for making this tool available for free

This is just a quick drill through with the detection from Advanced Threat Analytics

clip_image002[1]

Running on a member server pointing to DC and Domain

clip_image004[1]

Using the overpowered administrator i have logged on with

clip_image006[1]

and ready to scan

clip_image008[1]

Looking through all AD objects

clip_image010[1]

And reporting time

clip_image012[1]

Something very pretty to present to security/management

clip_image014[1]

with 26 items on the todo list to fix

clip_image016[1]

and to the point of the post , Microsoft Advanced Threat Analytics catches the non standard replication

When time permits further digging in the tool , for production enviroment i would always run this in a restored domain controller without network access even though i trust the people involved in this