
Bounty
Protect your domain's treasure - breach yourself before someone else does.
Where password security meets treasure protection
Protect Your Digital Treasure
Bounty is an Active Directory hardening tool that compares your users' password hashes against a database of cracked and leaked credentials. Like a vigilant guardian, Bounty proactively identifies weak or compromised accounts before they can be exploited. This empowers you to enforce a stronger authentication posture across your enterprise environment and stay ahead of potential threats.
Secure Your Domain's Most Valuable Assets
Secure Hash Comparison
Like a seasoned treasure hunter consulting a trusted guide, Bounty securely checks your Active Directory password hashes against an encrypted database of known cracked credentials. It identifies vulnerable accounts without ever exposing your sensitive data, ensuring both security and insight.
Flexible Hash Processing Options
Choose between sending NTLM hashes for comprehensive analysis or more secure hash digests for 1:1 matching. Full hashes undergo rigorous testing against specialized wordlists, rules, and masks to detect even low-entropy permutations of known compromised passwords, while digests offer maximum security with targeted matching.
Active Directory Integration
Bounty integrates seamlessly with your Active Directory environment, allowing for targeted auditing of specific user groups, OUs, or the entire domain. This precision targeting ensures you can focus your security efforts where they matter most.
Password Hygiene Enforcement
Beyond simple detection, Bounty provides comprehensive tools for enforcing resilient password policies, helping organizations implement and maintain strong password hygiene across their entire user base.
Complete Data Isolation
Your company identity and usernames are fully decoupled from submitted hash data. Authentication occurs through a separate secure channel, and absolutely no organizational or user identifiers are ever attached to password hashes or digests. This architectural separation ensures your sensitive data cannot be linked back to your organization or specific users, providing an additional layer of security and privacy protection. Hashes exist in isolation—completely untraceable to their source.
Secure Authentication
Bounty authentication credentials are never stored locally on your systems. The tool supports popular two-factor authentication methods, ensuring that only authorized security personnel can access the system and its findings. This zero-footprint authentication approach adds another layer of protection to your security operations.
Privileged Local Operation
Bounty operates entirely on disk within your Domain Controller in a privileged folder, accessible only to local administrators. This ensures that regular domain users cannot access the tool or its sensitive operations, maintaining strict access control aligned with your existing security hierarchy.
The Kraken's Advantage
What sets Bounty apart is its unique approach to password security. While traditional tools focus on enforcing complex password policies, Bounty takes a proactive stance by identifying passwords that have already been compromised in the wild.
This offers protection that traditional password policies alone cannot, by addressing the fundamental weakness of complex passwords: their reuse or compromise in real-world breaches and red team engagements.
Technical Specifications
System Requirements
Domain Controller Access
- Windows Server 2012 R2 or newer
- Password expiration modification privileges
- 8GB RAM minimum (16GB recommended)
- 500MB+ of disk space for temporary audit storage
Security Features
- Secure hash processing for maximum security
- Encrypted storage of all sensitive data
- Detailed audit logging of all operations
- SIEM Integrations and Email Alerting
Hash Database
- Regular updates from multiple breach and real-world sources
- Over 18 billion cracked, unique hashes
- Fast and secure bleeding-edge protocols
- Optimized search for rapid comparison
Use Cases
- Regular security audits of Active Directory environments
- Post-breach assessment to identify potentially compromised accounts
- Compliance verification for password security requirements
- Proactive security hardening before penetration testing
How Bounty Works
A secure, step-by-step process that protects your data while identifying vulnerabilities
- Secure Job Creation: Administrator creates secure job on Domain Controller
- Hash Extraction: Extract password hashes from NTDS.dit database
- Smart Filtering: Filter users/groups, exclude krbtgt account
- Data Anonymization: Decouple user info from hashes for anonymity
- Hash Preparation: Prepare NTLM hashes or secure digests
- Secure Transmission: Send anonymous hashes via encrypted channel
- Local Encryption: Store random IDs in AES-256 encrypted database
- Access Control: Require DPAPI access and unique nonce
- Status Monitoring: Query job status until completion
- Local Processing: Retrieve and compare results locally
- Secure Storage: Save metadata to encrypted key-value store
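The filtering, anonymization, digest preparation and local comparison steps above can be sketched as follows. This is an added illustration, not Bounty's own code: the digest form (SHA-256 over the raw NT hash), the function names and the sample accounts are assumptions, and an in-memory dict stands in for the encrypted local database.

```python
import hashlib
import secrets

# Constructed sample input: (sAMAccountName, NT hash as hex). Not real credentials.
ACCOUNTS = [
    ("alice",  "aa" * 16),
    ("bob",    "bb" * 16),
    ("carol",  "aa" * 16),   # shares a password with alice
    ("krbtgt", "cc" * 16),   # filtered out before anything is prepared
]
EXCLUDED = {"krbtgt"}


def digest(nt_hash_hex: str) -> str:
    """Assumed digest form: SHA-256 over the raw 16-byte NT hash."""
    return hashlib.sha256(bytes.fromhex(nt_hash_hex)).hexdigest()


def prepare_job(accounts):
    """Split the data into a local-only map and an identifier-free submission."""
    local_map = {}
    for user, nt_hash in accounts:
        if user.lower() in EXCLUDED:
            continue
        # Random ID instead of the username; this map never leaves the host.
        # (The page stores it in an AES-256 encrypted database; a dict stands in here.)
        local_map[secrets.token_hex(16)] = {"user": user, "digest": digest(nt_hash)}
    # De-duplicate and sort so neither account order nor reuse counts are visible.
    submission = sorted({entry["digest"] for entry in local_map.values()})
    return local_map, submission


def match_locally(local_map, compromised_digests):
    """Re-attach usernames to returned matches on the local side only."""
    hits = set(compromised_digests)
    return sorted(e["user"] for e in local_map.values() if e["digest"] in hits)


if __name__ == "__main__":
    local_map, submission = prepare_job(ACCOUNTS)
    # Constructed service response: the digest shared by alice and carol is known-cracked.
    print(match_locally(local_map, [digest("aa" * 16)]))
```

Because the submission is de-duplicated and sorted, the receiving side learns neither how many accounts share a password nor the order in which accounts were read.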
Become a Beta Tester
Help shape the future of Active Directory security by joining our beta testing program.