ADTrapper: Open-Source Active Directory Security Analysis Platform
Author: Haggis
Uploaded: 2026-01-12
Views: 470
🔐 Introducing ADTrapper - an open-source Active Directory security analysis platform that transforms Windows authentication logs into interactive visualizations and actionable threat intelligence.
🎯 WHAT IS ADTRAPPER?
ADTrapper is an open-source security analysis platform specifically designed for analyzing Active Directory authentication logs. It provides visual threat detection, automated anomaly analysis, and comprehensive coverage of AD CS vulnerabilities (ESC1-ESC16).
✨ KEY FEATURES
• 54+ Detection Rules - Brute force, password spray, privilege escalation, ADCS attacks
• Interactive Graph Visualization - Force-directed graphs showing authentication relationships
• AD CS Security - ESC1-ESC16 vulnerability detection (Locksmith compatible)
• SharpHound Integration - BloodHound data analysis
• Splunk HEC Integration - Forward alerts to your SIEM
• REST API - Automate threat hunting workflows
• No Authentication Required - Quick analysis for incident response
• Docker Deployment - Production-ready in 5 minutes
🛡️ DETECTION CAPABILITIES
Authentication Attacks: Brute force, password spray, credential stuffing
Behavioral Anomalies: Geographic anomalies, impossible travel, off-hours access
Privilege Escalation: Explicit credentials, privilege chains, service account abuse
AD CS Vulnerabilities: ESC1-ESC16, certificate theft, CA backup access
Network Patterns: SMB enumeration, RDP abuse, NTLM relay detection
🔗 LINKS
GitHub: https://github.com/MHaggis/ADTrapper
Documentation: https://github.com/MHaggis/ADTrapper#...
Detection Rules: https://github.com/MHaggis/ADTrapper/...
📚 RESOURCES MENTIONED
• Locksmith (Jake Hildreth): AD CS security assessment tool
• BloodHound/SharpHound: AD attack path analysis