Free POV · Financial Entities under DORA

Find every Domain Admin path
in your AD. In one session.

Free POV designed for small and mid-sized financial entities under DORA — cooperative banking, mid-sized insurance, mutualidades, regulated fintechs. A 1–2h live engagement on your real Active Directory — ADscan runs, you watch, the DORA-ready report ships the same day.

Walk into your next DORA supervisory inspection with same-day technical evidence. No consultants. No weeks of engagement.

DORA EU 2022/2554ISO 27001:2022MITRE ATT&CK

+40

automated attack techniques

1–2h

vs 5–15 days at a consultancy

€0

3 free slots · cooperative banking · insurance · mutualidades · fintechs

Request free session Download datasheet (PDF)

Confidential · For recipient use only · adscanpro.com

AD Verified Guarantee

Included in every free session

No cost · No cap

We work with you until your AD has zero domain compromise paths. The reproducible technical evidence DORA Art. 6 and 9.4 require for supervisor inspection. Every time your team remediates findings from the prior report, we re-run the audit and deliver the delta. No cost. No cap on iterations. Our only condition: remediation between runs.

Assessment flow

Process

From the coordination call to the delivered report. One session, zero handoffs.

Phase	Actions	Your team
Pre-call ~15 minutes	Coordination and preparation ·Mode: remote (VPN) or on-site ·Standard domain user credentials (read-only) ·Session time window ·NDA if your organization requires one	IT / Security lead
Live session ~1–2 hours	Real-time analysis on your AD ·VPN connection with a basic domain user ·ADscan scans your AD live. Your team observes everything on screen ·Controlled execution of 40+ attack techniques. Pause at any time ·Live review of every critical attack path identified	Real-time observation via Teams or Zoom
Automated report At the end of the session	Full report delivered same day ·PDF and Word generated automatically ·Executive Summary for the board or steering committee ·Attack Timeline with risk and business impact ·Attack paths with full exploitation chain ·Remediation prioritized by severity and effort ·Mapped to DORA EU 2022/2554, ISO 27001:2022, MITRE ATT&CK	Report ready for the board, auditor or regulator
Feedback session ~30 min · No commitment	Validation and follow-up ·Does the report cover what your auditor needs? ·Iterations on the report if required ·Technical Q&A on the findings	We only ask for 30 min of honest feedback. Zero sales pressure.

Operational safety

Safety by design

Built for production AD environments. Built for regulated sectors.

Zero exfiltration

Your AD data never leaves your network. Nothing is sent to external servers during the session.

No agents · No changes

ADscan installs nothing and modifies no AD configuration. Safe to run in production.

Full cleanup at finish

All artifacts generated in the environment are removed. The environment is left exactly as it was.

Full legal framework

NDA available before kickoff. The assessment runs only with written authorization from your organization.

Alternatives

ADscan vs the alternatives

Same evidence a consultancy ships. A fraction of the time. No invoice.

	Traditional consultancy	ADscan POV	BAS / CTEM platform
Cost	€3,000–€10,000	€0 (free)	~$100K / year
Time to results	5–15 business days	1–2 hours	Days to deploy
Automated report	No · Hand-written	Yes · Always	Yes · Always
DORA mapping	Varies by firm	Included	Partial
Exploitable attack paths	Depends on pentester	Always	Always
Outcome guarantee	None	Re-audit at no cost until AD is clean	None

DORA EU 2022/2554

In force since Jan 2025

Financial entities under DORA (Art. 24–27) must evidence periodic ICT resilience testing to the supervisor. The ADscan report mapped to DORA is exactly what your auditor asks for. Generated automatically inside the same assessment session.

Why this matters

What an external pentest costs you

What a consultancy ships in 5–15 days for €5,000–10,000, ADscan ships in hours.

70%+

of AD users have a path to Domain Admin · SpecterOps research

10x

faster than a traditional consultancy engagement

Jan ’25

DORA in force · financial entities must evidence ICT resilience

Results in hours

The full session runs in 1–2h. The report is generated automatically the moment it ends.

Your data, your network

Active Directory data never leaves your perimeter. The report is yours, only yours.

DORA-ready in 24h

Automatic mapping to DORA EU 2022/2554 (Art. 24–27) and ISO 27001:2022. The artifact your supervisor actually asks for.

3 free slots · Limited availability

Request your free session

Fill in the form, pick a slot on Calendly, we confirm by reply.

No agents · No infra changes · Report delivered same session

Step 1 of 3Contact Information

Reply in under 24h · Confidential · Zero sales pressure

About

ADscan in one paragraph

ADscan is the open-source pentesting tool focused on Active Directory. 40+ real attack techniques, built for regulated environments. It automates Kerberoasting, AS-REP Roasting, ESC1–ESC13 (ADCS), DCSync, delegation abuse, ZeroLogon, PrinterBug and more. It builds exploitable attack paths and ships a full report mapped to MITRE ATT&CK and DORA EU 2022/2554 and ISO 27001:2022.