BTA is an open-source Active Directory security audit framework. Its goal is to help auditors harvest the information they need to answer such questions as:

• Who has rights over a given object (computer, user account, etc.)?
• Who can read a given mailbox?
• Which are the accounts with domain admin rights?
• Who has extended rights (userForceChangePassword, SendAs, etc.)?
• What are the changes done on an AD between two points in time?

The framework is made of

• an importer able to translate a ntds.dit file, containing all the AD data, into a database
• tools to query the database
  • AD miner framework
  • AD diff utility
  • small utilities (list of databases, etc.)

The comprehensive set of attributes are imported and can be querried including all schema extensions (Exchange, Sharepoint, etc.).

Each question can be crystallized by an AD expert as a miner so that it can be used during all audits without doing the hard work again.

Installing BTA