BTA – Active Directory security audit framework

BTA is an open-source Active Directory security audit framework. Its goal is to help auditors harvest the information they need to answer such questions as:

  • Who has rights over a given object (computer, user account, etc.)?
  • Who can read a given mailbox?
  • Which accounts have domain admin rights?
  • Who has extended rights (userForceChangePassword, SendAs, etc.)?
  • What changed in an AD between two points in time?

The framework is made of:

  • an importer that translates an ntds.dit file, which contains all the AD data, into a database
  • tools to query the database
    • AD miner framework
    • AD diff utility
    • small utilities (list of databases, etc.)

The full set of attributes is imported and can be queried, including all schema extensions (Exchange, SharePoint, etc.).

If you run Active Directory on your network, it is important to scan for and fix vulnerabilities on an ongoing basis, and to run configuration checks with BTA to report any misconfiguration on the system.

You can read more and download BTA here: https://github.com/airbus-seclab/
