hi Vincent,

thanks for using some of my proposed changes, but I dare to disagree on the score balancing. (let me open this issue so that it doesn't get overlooked in one of the closed PRs: #235, #239, #240)

how is it well balanced when a totally unhackable domain can have 200 points, while another domain, where any newbie ransomware gang can become domain admin in 3 different ways, has only 20 points?

easy hackable domain:
- SMB signing not required (plus one computer account which can dcsync): 0
- LDAP signing disabled: 5

unhackable domain:
- krbtgt 4+ years old: 50
- 30+ inactive computer accounts: 30
- 25+ inactive users: 10
- some other hygiene rules, which don't make a domain automatically hackable

and admins using these scores to prioritize their clean-up will do it in the wrong order, or maybe not do it at all because the report is green enough. if purple knight didn't suck so much, I would check there how it's scored for a comparison :)

best regards
arnim