2022 DPAT Roadmap Ideas #21

Open
yellow-starburst opened this issue Jan 5, 2022 · 5 comments
Labels
enhancement New feature or request


@yellow-starburst
Contributor

yellow-starburst commented Jan 5, 2022

Disclaimer - I by no means want to be that guy that makes a bunch of tool complaints. I have some time this month to help make these improvements.
This tool deserves recognition for how brilliant it is. Great job @knavesec !

  1. Password_Length_Stats - This has the list of the number of users with a password of a specific number of characters, for example 10 people with a password that is 9 characters. The problem is that it does not filter out the disabled users.
    Request - Filter the number of affected users down to enabled users. Right now it combines enabled and disabled users.

@yellow-starburst
Contributor Author

yellow-starburst commented Jan 5, 2022

  1. Add the column - "Password last changed" or "Pwd Last Set" to all the checks.
    Reason - That way you can use new BloodHound data to see if the account has been remediated, without retrieving new NTDS data

@yellow-starburst
Contributor Author

yellow-starburst commented Jan 5, 2022

  1. Add enabled column to the sheet:
    A. LM_Hashes_(Non-Blank)

@yellow-starburst
Contributor Author

yellow-starburst commented Jan 5, 2022

  1. Remove Null NTLM hash from list
    I noticed that the null NTLM hash 31d6 shows up in a bunch of different sheets

@yellow-starburst
Contributor Author

  1. Add check "computers cracked"
    All Windows hosts should have random long passwords. Sometimes an admin or perhaps an attacker may change the password. Attackers use this as persistence.

@yellow-starburst yellow-starburst changed the title Improvements 2022 roadmap Ideas Jan 5, 2022
@yellow-starburst yellow-starburst changed the title 2022 roadmap Ideas 2022 DPAT Roadmap Ideas Jan 6, 2022
@knavesec
Owner

knavesec commented Jan 6, 2022

I like some of these additions, so I'll see when I have time to sort them out.

Unless I'm misunderstanding # 4, I probably won't do that, just for completeness. If there are users with null hashes, that's still part of AD, so IMO it should still be included. May address this in one of the improvements below

Also for # 3, I don't entirely see it as relevant? Enabled status doesn't make a huge difference, if you have the LM hash you can easily crack the password and just enable the user. IMO enable status doesn't really make a difference, and those should just be fixed anyways. Either way, doesn't take a ton to implement, but those are just my thoughts

Additional things I'd like to add

  1. Graphs and charts
    For either report screenshots or just general ease of display, could include a pie chart of cracked vs not cracked, pie/bar chart for password lengths, etc

  2. Include a filtering ability to the graphs so you can sort alphabetically, by hash, by pwd length, etc. Tried this a while ago, but ran out of time. This may address the null NTLM hashes thing from above, depending on level of filter ability

@knavesec knavesec added the enhancement New feature or request label Jan 6, 2022
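
The checks discussed in this thread (an enabled column, a separate bucket for the null NT hash, and "computers cracked"), sketched as an added example that is not DPAT's code and not part of the issue. It assumes NTDS lines in the `domain\user:rid:lm:nt::: (status=...)` shape and a set of cracked NT hashes; the function names and sample accounts are constructed for illustration.

```python
import re

NULL_NT = "31d6cfe0d16ae931b73c59d7e0c089c0"   # NT hash of the empty password
BLANK_LM = "aad3b435b51404eeaad3b435b51404ee"  # LM hash of the empty password

# Assumed line shape: domain\user:rid:lmhash:nthash::: (status=Enabled|Disabled)
LINE = re.compile(
    r"^(?P<user>[^:]+):\d+:(?P<lm>[0-9a-fA-F]{32}):(?P<nt>[0-9a-fA-F]{32}):::"
    r"(?:\s+\(status=(?P<status>Enabled|Disabled)\))?\s*$"
)

def parse_ntds(lines):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue
        status = m.group("status")
        yield {
            "user": m.group("user"),
            "lm": m.group("lm").lower(),
            "nt": m.group("nt").lower(),
            "is_computer": m.group("user").endswith("$"),  # machine accounts end in $
            "enabled": None if status is None else status == "Enabled",
        }

def audit(ntds_lines, cracked_nt_hashes):
    """Bucket accounts per check; each row carries the enabled flag as a column."""
    cracked = {h.lower() for h in cracked_nt_hashes}
    report = {"computers_cracked": [], "null_nt_hash": [], "lm_non_blank": []}
    for acct in parse_ntds(ntds_lines):
        row = (acct["user"], acct["enabled"])
        if acct["nt"] == NULL_NT:
            report["null_nt_hash"].append(row)       # kept, but in its own bucket
        elif acct["is_computer"] and acct["nt"] in cracked:
            report["computers_cracked"].append(row)  # machine password is not random
        if acct["lm"] != BLANK_LM:
            report["lm_non_blank"].append(row)
    return report

# Constructed sample input (not real hashes apart from the two well-known constants)
SAMPLE_NTDS = [
    r"LAB\alice:1104:" + BLANK_LM + ":" + "11" * 16 + "::: (status=Enabled)",
    r"LAB\bob:1105:" + "22" * 16 + ":" + "33" * 16 + "::: (status=Disabled)",
    r"LAB\guest:501:" + BLANK_LM + ":" + NULL_NT + "::: (status=Disabled)",
    r"LAB\WS01$:1201:" + BLANK_LM + ":" + "44" * 16 + "::: (status=Enabled)",
    r"LAB\WS02$:1202:" + BLANK_LM + ":" + "55" * 16 + "::: (status=Enabled)",
]
SAMPLE_CRACKED = {"11" * 16, "44" * 16}
```
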