Score balancing
Hi Vincent,
thanks for using some of my proposed changes, but I dare to disagree on the score balancing. (Let me open this issue so that it doesn't get overlooked in one of the closed PRs: https://github.com/vletoux/pingcastle/pull/235, https://github.com/vletoux/pingcastle/pull/239, https://github.com/vletoux/pingcastle/pull/240)
How is it well balanced when a totally unhackable domain can have 200 points, while another domain, where any newbie ransomware gang can become domain admin in 3 different ways, has only 20 points?
easy hackable domain:
- e.g. ESC1 of https://github.com/ly4k/Certipy: 15
- SMB signing not required (plus one computer account which can dcsync): 0
- LDAP signing disabled: 5
unhackable domain:
- krbtgt 4+ years old: 50
- 30+ inactive computer accounts: 30
- 25+ inactive users: 10
- some other hygiene rules, which don't make a domain automatically hackable
And admins using these scores to prioritize their clean-up will do it in the wrong order, or maybe not do it at all because the report is green enough. If Purple Knight didn't suck so much, I would check there how it's scored, for a comparison :)
Best regards, arnim