Free Tier 0 attack path discovery tool

Stop chasing countless attack paths to Tier 0 assets.

SIGN UP NOW: Claim your spot for priority access to Forest Druid!

Join the Forest Druid priority access list


By signing up for an account, you are agreeing to the Terms & Conditions and Privacy Statement and also agree to receive news & tips via email.

Forest Druid Frequently Asked Questions

  • What is Forest Druid?

    Forest Druid is a free attack path discovery tool, natively compatible with Active Directory, that helps cybersecurity defensive teams quickly prioritize high-risk misconfigurations that could represent opportunities for attackers to gain privileged domain access. Forest Druid helps you 1) identify the groups and accounts with access to Tier 0 assets, 2) define Tier 0 assets otherwise missed by default configurations, 3) scan AD for high-risk violations, and 4) protect Tier 0 assets by applying the analysis results to prioritize remediation and cut down excessive privileges with a focus on Tier 0 assets.

  • How does Forest Druid work?

    Forest Druid simplifies and accelerates attack path analysis by helping you prioritize exposure and vulnerabilities according to their proximity to Tier 0 assets. Forest Druid scans the target AD environment to collect objects and their access relationships. It then categorizes the objects and presents both list and relationship graphs showing the privilege escalation relationships between objects. The assessment results help you understand where objects in lower tiers have privilege escalation relationships to Tier 0 assets. With this data, you can produce a well-defined set of Tier 0 assets and identify all violations of the administrative tiering security model.

  • Who is Forest Druid intended for?

    Forest Druid provides a point-in-time assessment that’s intended to help cybersecurity defensive teams and IT administrators track attack paths from Tier 0 assets that violate the administrative security model, accelerating efforts to discover and eradicate threat actors. You can also use Forest Druid in post-breach scenarios to identify previously undisclosed domain persistence techniques.

  • How is Forest Druid different from other attack path analysis tools?

    Forest Druid saves time for cybersecurity defenders by focusing on attack paths that lead to Tier 0 assets. Rather than analyzing countless attack paths, defenders can use Forest Druid to identify the true Tier 0 assets, scan AD for high-risk violations, and prioritize locking down privileges to Tier 0 assets. This inside-out approach accelerates protection of the enterprise organization’s most sensitive data.

  • Who developed Forest Druid?

    Developed by cybersecurity and Active Directory experts, Forest Druid is the second in a group of free community tools provided by Semperis, which offers Active Directory Forest Recovery (cyber-first disaster recovery for AD) and Directory Services Protector (comprehensive Identity Threat Detection and Response for hybrid AD). Forest Druid joins Purple Knight, a free AD security assessment tool downloaded by 10,000+ organizations that scans the AD environment for indicators of exposure (IOEs) and indicators of compromise (IOCs), provides an overall security score, and offers prioritized remediation guidance.

  • How do I get access to Forest Druid?

    You can join the priority access list by filling out the request form above, and we will let you know as soon as Forest Druid is available. You will receive an email with the download link, a getting-started guide, and additional resources.

  • Where can I learn more about Forest Druid?