PingCastle is an auditing tool and oddly, when you view their website, they don't have an actual description of the product.  The site jumps straight into the uses, features, and benefits. 

    In a nutshell, PingCastle quickly generates a comprehensive assessment of the overall posture of the domain.  For example, is SMBv1 enabled?  Can we attack the network with LLMNR poisoning because we're allowing Netbios over TCP?  But it goes beyond the low hanging fruit, it gets into the granular settings for AD accounts and it makes suggestions on how to better configure the domain. 

    Let's jump into it --

    When we extract the very small download, we run the executable:

    A command prompt opens and we have several options but we're going to go with the "healthcheck" :

    We choose the default domain:

    Moments later, it's finished:

    In the folder where we've execute PingCastle, we find an HTML report:

    If you are running a stock domain and you've done very little to secure it, odds are pretty good that you're going to score 80-100 which is the opposite of good.

    The good news is that following the advice of PingCastle, we can quickly get that number down under 40.

    When we view the Risk model, we get an overview of the problems:

    When we get into the specific areas, we have drop downs for each problem:

    And when we drill into a specific problem, we get an explanation and a solution. 

    Some of the identified issues are fairly easy to solve while others require a little bit of work.  But as I mentioned previously, with a score in the 80-100 range, it's easy to get the bigger ticket items off the list.  With a little bit of work, we can get that number down into 30-40 without too much hassle.

    © 2020