SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!
In today’s episode we talk about Purple Knight, a free tool to help assess your organization’s Active Directory security. I stuck Purple Knight in our Light Pentest LITE pentest training lab and did an informal compare-and-contrast of its detection capabilities versus PingCastle, which we talked about in depth in episode #489. Here are some highlights:
| Test | PingCastle | Purple Knight |
|---|---|---|
| Warned about ms-ds-machine-account-quota | Yes | Yes |
| Detected ASREPRoastable users | Yes | No |
| Identified machines configured with unconstrained delegation | Yes | Yes |
| Found "cpassword" values from the MS14-025 vulnerability | Yes | No |
| Identified print services running on domain controllers | Yes | Yes |
| Called out Microsoft Local Administrator Password Solution not being present | Yes | Kind of (listen to today’s episode for more info) |
| Found DNS zone transfer misconfiguration | Yes | No |
| Called out no GPO being present to disable LLMNR | Yes | No |
| Flagged password policy as being less than ideal | Yes | Yes |
| Flagged non-default principals that had dcsync permissions on the domain controller(s) | No | Yes |
Written by: Brian Johnson
Share on socials: