7MS #527: First Impressions of Purple Knight
SafePass.me is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit safepass.me for more details, and tell them 7 Minute Security sent you to get a 10% discount!
In today's episode we talk about Purple Knight, a free tool to help assess your organization's Active Directory security. I stuck Purple Knight in our Light Pentest LITE pentest training lab and did an informal compare-and-contrast of its detection capabilities versus PingCastle, which we talked about in depth in episode #489. Here are some highlights:
Test | PingCastle | Purple Knight |
---|---|---|
Warned about ms-DS-MachineAccountQuota | Yes | Yes |
Detected ASREPRoastable users | Yes | No |
Identified machines configured with unconstrained delegation | Yes | Yes |
Found "cpassword" values from the MS14-025 vulnerability | Yes | No |
Identified print services running on domain controllers | Yes | Yes |
Called out Microsoft Local Administrator Password Solution not being present | Yes | Kind of (listen to today's episode for more info) |
Found DNS zone transfer misconfiguration | Yes | No |
Called out no GPO being present to disable LLMNR | Yes | No |
Flagged password policy as being less than ideal | Yes | Yes |
Flagged non-default principals that had DCSync permissions on the domain controller(s) | No | Yes |