Do you know what an attacker sees in your Active Directory?
For regulated entities under DORA, ENS Alto, and NIS2: ADscan shows you exactly what attackers can exploit in your AD — in 48 hours, against your real environment, no external consultants, without touching anything.
Banking · Insurance · Healthcare · Critical Infrastructure
AD is the #1 target. When did you last look at it as an attacker would?
Annual pentests aren't enough
Attackers look for paths 24/7. A consultancy charges €15k–50k for a one-day snapshot — and you need to repeat it every 6 months.
Compliance tools don't detect exploitability
ENS and ISO 27001 verify controls. They don't check if those controls are exploitable in chains.
Your team doesn't have time to analyze AD like an attacker
BloodHound exists. But someone has to interpret it, correlate it, and turn it into action.
⚠️ DORA (in force Jan 2025) and NIS2 require documented AD technical controls. Every audit cycle without visibility is real regulatory exposure — fines up to €10M or 2% of annual turnover.
Pentest-grade AD security intelligence, in 3 steps
No agents. No infrastructure changes. From a domain-joined Windows VM.
Deploy
Deploy in hours, not months. No agents, no special VPN.
Discover
Full AD enumeration, attack path analysis, critical vulnerability detection.
Report
Executive report for CISO and board. Technical report for IT. MITRE ATT&CK mapped.
ADscan in action
Attack paths from standard users to Domain Admin — detected automatically

22 Tier-0 paths detected · DOMAIN USERS → Domain Admin in 3 steps · Lab environment
Safe by design
Read-only by default
Never modifies AD objects, accounts, or GPOs without your explicit confirmation. Same read surface as any authenticated domain user.
Operator confirms every step
Every exploitation step requires explicit operator confirmation. ADscan never autonomously writes to AD. Ever.
100% on-prem
AD data, findings, and reports never leave your network. Offline license. Air-gapped deployments supported.
Capabilities designed for the CISO
Complete attack path visibility
Detect exactly how an attacker can reach Domain Admin from a standard user.
Simulation with operator confirmation
Doesn't modify anything without your confirmation. Pentest rigor, production control.
Reports for board and audit
Executive for CISO/board. Technical for IT. MITRE ATT&CK, ENS, NIS2.
Deploy in hours, not months
No agents. No infrastructure changes. Domain-joined Windows VM.
Spanish regulatory framework
ENS Alto (CCN-CERT), NIS2, ISO 27001, DORA, GDPR. Traceable evidence for audits.
Continuous validation, not one-time
Repeat analysis when the environment changes. Detect regressions before auditors do.
Calculate your risk exposure
Based on IBM Cost of Data Breach 2024 and Verizon DBIR 2024 data
AD Risk Exposure Calculator
Estimate your annual exposure to AD-related breaches and the expected ROI of ADscan. Based on IBM Cost of Data Breach 2024 and Verizon DBIR 2024.
Estimated ADscan annual cost: €24,000
Estimates based on IBM Cost of Data Breach 2024 and Verizon DBIR 2024. Actual results vary by environment.
Designed for the Spanish regulatory framework
Generate traceable evidence to comply with Spain's National Security Scheme (High level).
DORA has been law since January 2025 — not a future date. The Bank of Spain activated its supervisory channel in February 2025. Entities that cannot present technical evidence of their ICT controls to their supervisor are exposed. ADscan generates the report the same day.
Aligned with ISO 27001:2022 asset management and operational security controls.
AD data, findings, and reports never leave your network. Usage telemetry is anonymous, sanitized, and opt-out. Data sovereignty guaranteed.
Free AD Exposure Assessment
AD Verified Guarantee: we work with you until your AD has zero domain compromise paths — we re-audit as many times as needed at no cost, as long as you remediate between runs.
This session · No card · No agents · No infrastructure changes
What's included:
- Full audit: 41 exposure checks + chained attack paths against your real environment
- Executive report for CISO/board + technical report for IT (ENS Alto, NIS2, ISO 27001, DORA)
- Results in 48 hours · No agents · No infrastructure modifications
DORA in force since January 2025. Supervisory reviews are now active. Each week without technical evidence increases regulatory exposure.
Free with 3 conditions
1. Run it on a real environment
2. Give honest feedback after
3. Recommend it if it delivers
DORA is already in force — do you have the technical evidence your supervisor can ask for?
The CISO who arrives at the board meeting with the report before the incident makes the decisions. The one who arrives after executes under pressure. AD Verified Guarantee: we work with you until your AD has zero domain compromise paths — we re-audit as many times as needed at no cost.
