Summary: <p>This week I had the fun opportunity to do a "blind" network security assessment - where basically we had to step into a network we'd never seen before and make some security posture recommendations. I've found that the following software/hardware is quite helpful for this type of assessment:</p> <ul> <li> <p>The <a href="https://www.pwnieexpress.com/products/pulse-device-detection" rel="nofollow noreferrer noopener" target="_blank">PwnPulse</a> helps a ton in scanning wired and wireless networks...and even Bluetooth! I've covered the Pulse in past episodes - check out <a href="https://7ms.us/7ms-255-pwnpro-101/" rel="nofollow noreferrer noopener" target="_blank">part 1</a> and <a href="https://7ms.us/7ms-260-pwnpro-101-part-2/" rel="nofollow noreferrer noopener" target="_blank">part 2</a>.</p> </li> <li> <p><a href="https://www.rapidfiretools.com/" rel="nofollow noreferrer noopener" target="_blank">Network Detective</a> will do a ton of helpful Active Directory enumeration and point out potential red flags, such as:</p> <ul> <li>Accounts that haven't been logged into for a long time</li> <li>Accounts with passwords that haven't been refreshed in a long time</li> <li>Privileged groups that need review (Domain Admins, Enterprise Admins, etc.)</li> </ul> </li> <li> <p>AD policy issues (*warning: by default Network Detective only pulls back a few policies by default. Check out scripts such as my <a href="https://github.com/braimee/bpatty/blob/master/scripting/windows/Environment-Check.ps1" rel="nofollow noreferrer noopener" target="_blank">Environment Check</a> to grab a dump of all GPOs.</p> </li> <li> <p>Thycotic <a href="https://thycotic.com/solutions/free-windows-privileged-account-discovery-tool/" rel="nofollow noreferrer noopener" target="_blank">Privileged Account Discovery</a> is a free tool that can crawl AD workstations and enumerate the local administrator accounts on each machine. It makes a good case for <a href="https://7ms.us/7ms-252-laps-local-administrator-password-solution/" rel="nofollow noreferrer noopener" target="_blank">implementing LAPS</a>.</p> </li> </ul>
