Skip to content

2025.5.26 Release #250

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jakehildreth merged 17 commits into from
May 26, 2025
Merged

2025.5.26 Release #250

jakehildreth merged 17 commits into from
May 26, 2025

Conversation

@jakehildreth
Copy link
Owner

@jakehildreth jakehildreth commented May 26, 2025

  1. Added three (3) new detections: ESC7, ESC9, ESC16
  2. Added Risk Ratings for each new detection:
  • ESC7 (CA Administrator): if a principal granted CA Administrator rights is expected, set risk to 0 and highlight that this is a Tier 0/control plane principal.
  • ESC7 (Certificate Manager): if a principal granted Certificate Manager rights is expected, set risk to 0.
  • ESC9: larger groups/admin groups create highest risk. If ESC6 also exists, risk is very high.
  • ESC16: if ESC6 also exists, risk is Critical.
  1. Improved Risk Ratings for existing detections:
  • ESC4: if the principal granted rights on a template is an administrator, set risk to 0.
  • ESC6: if ESC9 or ESC16 exists in the forest, raise the risk.

jakehildreth and others added 17 commits May 17, 2025 06:59
@jakehildreth
ihavenoideawhatimdoingdog.tiff
7f0f801
ESC7 Detections are working. Needs better Issue, Fix, and Revert attr…
999f571 
…ibutes, but it's working!
ESC16 detections are working. Needs better description, fix, revert, …
ef22347 
…and risk calculation, but otherwise good!
Fixed typos. Improved readability.
f0696b5
@SamErde
Merge pull request #246 from jakehildreth/add-esc7
7425baf 
Add ESC7 Checks
@SamErde
Merge branch 'testing' into add-esc16
fab1145
Typo fixed!
a7d240c
@rebelinux
Enhance error handling in Get-CAHostObject and Find-ESC7 scripts by c…
2252abd 
…hecking for CAHostDistinguishedName before retrieving AD objects.
@SamErde
Merge pull request #247 from jakehildreth/add-esc16
dd5a51b 
Added ESC16 detections 🕵️
@jakehildreth
Merge branch 'testing' into testing
46cca78
@jakehildreth
Merge pull request #248 from rebelinux/testing
7951bfb 
Enhance error handling in Get-CAHostObject and Find-ESC7  scripts
Fresh build after merges.
c47b95a
ESC9 detections + Improved ESC6/9/16 risk ratings.
0db9c3b
Risk and remediation updates.
efec13b 
1. All "remediation updaters" now highlight the question being asked.
2. Complete rewrite of ESC7 to bring inline with all other principal-based issues.
3. Improved risk scoring for ESC1, ESC6, ESC7, ESC9, and ESC16
4. ESC4 and ESC7 now properly mark risk when principal is an admin/manager.
fixed small grammar error
4e40e54
Fresh Build in preparation for release.
fec7548
@jakehildreth
Merge pull request #249
7f6f900 
Add ESC9 and Improve Risk Ratings
@jakehildreth jakehildreth merged commit e43023a into main May 26, 2025
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jakehildreth @SamErde @rebelinux