GrexID
BREACH SIMULATION · CORP.LOCALscanning…

Someone already mappedthe path to your Domain Admin.

Make sure you see it first. GrexID makes sense of your Active Directory and Entra ID, scores every object 0 to 100, and points to the one edge that collapses half the graph — so your team focuses on fixing, not decoding.

See my attack surfaceHow it works// agentless to start · self-hosted
0/10
ransomware attacks target Active Directory
Semperis, 2024
0%
of breaches involve stolen credentials
Verizon DBIR, 2025
0%
of attacks compromise a domain controller
Microsoft, 2025
$0
average global cost of a breach ($4.44M)
IBM, 2025
/ 01THE PROBLEM

Your directory is a graph. Attackers already walk it.

Every permission, group membership and ACE is an edge. Chain them and a forgotten service account reaches Domain Admin in four hops. GrexID draws the whole chain before anyone else does.

attack-path · CORP.LOCALRISK 87/100 · 4 hops
MemberOfGenericAllWriteDACLDCSyncsvcsvc_backupgrpIT-Adminsusra.torresDC01domain controllerDADomain Admin
escalation path critical hopcut  IT-Admins → a.torres  and this path disappears
/ 02WHY GREXID

We do the understanding. You do the fixing.

Active Directory and Entra ID are a tangle of permissions nobody fully holds in their head. GrexID reads the whole thing for you and hands back a clear, prioritized picture.

01 / SEE

Make AD & Entra ID make sense

We understand the graph so your team doesn't have to. You get a clear, prioritized view and spend your time fixing, not decoding.

02 / PRIORITIZE

Heuristic + AI risk, on everything

Every object, attack path and identity gets a heuristic risk score — with an AI layer that judges whether each privilege actually makes sense. Export it to enrich your other tools.

03 / KEEP CLEAN

Clean it, then keep it clean

Remediation is step one. We watch every change, show its impact before you apply it, and flag a privilege escalation from its very first hop.

/ 03CAPABILITIES

No more alerts. Decisions.

Everything a security team needs to stop guessing: heuristic and AI-driven risk, predicted impact, and the exact list of what to touch — in what order.

NEW
AI LAYER · ON TOP OF THE HEURISTICS

Does this privilege actually make sense?

Heuristics find what's dangerous. The AI layer reasons about how your organization is actually shaped to find what's unjustified — the access nobody can explain, the rights that drifted, the privilege no role in your company should hold.

RISK.SCORE

Heuristic risk, 0–100

A heuristic score for every user, group and permission — paths, exposure, scope and proximity to Domain Admin. Export it to enrich your SIEM, IGA or CMDB.

PATH.MAP

Attack-path priority

Across Active Directory and Entra ID, see how an attacker escalates to your crown jewels — and which paths to fix first. Shortest path and alternates.

SIM.IMPACT

Impact before the change

Simulate removing a permission and see what breaks before you touch production. Fix without locking anyone out.

CASCADE

Cascade analysis

Find the super-connectors whose compromise spreads across the whole environment. Fix the choke point, not the leaves.

DIRSYNC

Monitoring & escalation alerts

Agents watch permission, group and descriptor changes in near real time — and catch a privilege escalation from its very first hop, long before it reaches Domain Admin.

PWD.AUDIT

Password audit

Breached, weak and reused passwords — K-anonymity checked. Plaintext never leaves your network.

EXPLORER

Identity Explorer

Search any object across AD and Entra ID and instantly understand who is a risk to you — risk, permissions and relationships in plain view.

ACE.SCAN

ACE analysis

30+ dangerous permissions inspected (GenericAll, WriteDACL, DCSync…) with risk classification and remediation guidance.

API + HOOKS

Built for your ecosystem

Designed to drop into the tools you already run. A documented REST API plus API Hooks push risk and change events straight into your SIEM, ticketing or automation.

/ —DESIGNED TO INTEGRATE

Fits your ecosystem.

GrexID drops into the stack you already run. Every metric sits behind a documented REST API, and API Hooks push risk and change events to your SIEM, ticketing or SOAR the moment they happen — risk that enriches your tools, not another dashboard to check.

bash — grexid-api
# top domain risk, top 3$ curl -H "Authorization: Bearer gx_••••" \ https://grexid.local/api/v1/risk/top?limit=3 # → 200 OK{ "domain": "CORP.LOCAL", "score": 87, "critical_paths": 17241, "top": [ { "obj": "svc_backup", "risk": 98 }, { "obj": "IT-Admins", "hops": 3 } ], "fix_first": "IT-Admins → a.torres (-63%)"}
/ 04DEPLOYMENT

Start agentless. Scale when you want.

Results in hours with what you already have in BloodHound. When you need it, level up to full endpoint visibility and hybrid environments.

LEVEL 01

Agentless assessment

// import & analyze
  • Import AD, Entra ID & BloodHound data
  • Risk scoring and attack paths
  • ACE & compliance audit
  • Results in hours
LEVEL 02

Live monitoring

// dirsync agents
  • DirSync agents on the DCs
  • Change detection on the fly
  • Modification timeline
  • Alerts with automatic scoring
LEVEL 03

Endpoint visibility

// full telemetry + hybrid
  • Full endpoint telemetry
  • AD + Entra ID correlation
  • Cross-domain attack paths
  • Multi-forest coverage
/ 05COMPLIANCE

ENS by design. Not bolted on.

GrexID was built under Spain's Esquema Nacional de Seguridad (Royal Decree 311/2022, MEDIA category). Every feature declares the D/A/I/C/T dimensions it touches. Compliance wasn't added — it was in the blueprint.

[D]
Data sovereigntySelf-hosted with Docker Compose. Your data never leaves your infrastructure. Zero cloud dependencies.
[C]
Encryption at restSecrets with AES-128-CBC + HMAC-SHA256 and a full audit trail of every sensitive action.
[T]
ENS & NIS2 evidence on tapContinuous change monitoring and a full audit trail of every privilege change — the traceability ENS and NIS2 ask for, generated as you work.
ENS
RD 311/2022
MEDIA category
D/A/I/C/T
NIS2
Directive (EU)
2022/2555
18 critical sectors
ISO 27001
Risk assessment
and access control
NIST CSF
Risk management
and detection
/ 06WHO IT'S FOR

One graph. The whole team reads it the same.

From analyst to boardroom, the same quantified-risk language. Every role sees what it needs without translating.

SEC.ANALYST

Security analysts

Prioritize by quantified impact. No more eyeballing what to fix first.

SOC

SOC teams

Investigate compromises with attack paths and a change timeline. Spot anomalies live.

SYSADMIN

Administrators

Clean up excessive permissions with a safety net: see the impact before you apply it.

GRC

Compliance

Prove your AD posture with metrics, audit trails and standards-aligned reporting.

RED / BLUE

Red & Blue Team

Document attack paths for offensive testing and harden defenses by cascade impact.

CISO

CISO / Leadership

Board-ready dashboards, historical trend and demonstrable security ROI.

START TODAY

How many paths to your domain exist right now?

Request a demo and we'll look at it on your directory. In hours you'll have the number — and the one edge that cuts more than half.