Fwd: New Release: Purple Knight 1.4 Community Version Now Available

[Henry Awad]

Here's a great free tool for assessing security posture in an Active Directory environment. The tool is from Semperis and provides a really nice report of actionable items to enhance the security of your AD environment.

New version of Purple Knight AD assessment tool is now available. Click the button below to access the 1.4 Community release. Email not displaying correctly? View it in your browser. Purple Knight 1.4 Community Version Now Available Hi Henry: Purple Knight 1.4 is ready for download. This updated release of the free Active Directory security assessment tool includes new features and security indicators. New features:  Scan results are automatically saved to an Excel file ANSSI appendix that displays a breakdown of security indicators within the French National Agency for the Security of Information systems (ANSSI) framework Ability to customize the Purple Knight with a logo Ability to start a new scan without having to rerun the Purple Knight executable: Clicking the NEW SCAN button on the Report Summary page returns you to the Environment page to select the forest and domains to be assessed Ability to view Purple Knight version and Semperis contact information: Click the More button in the top right corner of the screen to check for updates and view version information. Ability to export the full report to .PDF or the scan result data to a series of .CSV files. The SAVE AS button on the Report Summary pages gives you these additional options for saving the assessment report details. New security indicators in Purple Knight 1.4: Account Security: Abnormal Password Refresh Changes to Pre-Windows 2000 Compatible Access Group membership Ephemeral Admins Users and computers without readable PGID AD Delegation: Foreign Security Principals in Privileged Group Users with permissions to set Server Trust Account AD Infrastructure Security: Dangerous Trust Attribute Set gMSA not in use Group Policy Security: SYSVOL Executable Changes Kerberos Security: Write access to RBCD on DC Write access to RBCD on krbtgt account  Note: Please review the quick start document for important guidance before unzipping and executing Purple Knight.   Download Purple Knight The latest version details and SHA256 are available here Resources  Read the quick start document Join the Purple Knight community on SLACK Updated -Explore our security indicators tracker For more details refer to our user guide Have any questions or comments? Don’t hesitate to reach out.  Contact us: pk-com...@semperis.com Powered by Semperis: For security teams charged with defending hybrid identity and multi-cloud environments, Semperis ensures integrity and availability of critical enterprise directory services at every step in the cyber kill chain and cuts disaster recovery time by 90%. Purpose-built for securing Active Directory, Semperis’ patented technology protects over 40 million identities from cyberattacks, data breaches, and operational errors. The world’s leading organizations trust Semperis to spot directory vulnerabilities, intercept cyberattacks in progress, and quickly recover from ransomware and other data integrity emergencies. Copyright © 2022, All rights reserved. Our mailing address is: Semperis 221 River Street 9th Floor Hoboken, NJ 07030 unsubscribe from all emails

[Kurt Buff]

I finally found a few minutes to run this, and it's fairly nice, but a lot of the remediations mentioned don't have a lot of detail.

Still, a nice addition to the stable.

A similar tool that doesn't require registration and is just a PowerShell module is Testimo - it pulls in a number of other modules by the same guy (Przemyslaw Klys - https://evotec.xyz/), including gpozaurr and a few others that seem very useful.

There's a fair amount of overlap between Purple Knight and Testimo, but what I like about Testimo are the URLs embedded in the PSD/PSM files as documentation to point out remediations or risks - they aren't exhaustive, but there's a lot in thee to chew on

Purple Knight tests your internal CA if you have one, and Testimo doesn't. Testimo seems to have better coverage of GPOs

Both are absolutely worth a bit of your time.

Kurt

--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CAGaCHK7r8v70nj9wN_2TkhWqW0EQQsKjBYXW4bXKVEt%2BbSub-g%40mail.gmail.com.