Free pingcastle review reddit They do 12 standards, then custom frameworks from those controls, and then ticketing integrations to all PSAs. Thank you everyone! 27 20+ years administering Active Directory environments, and I *JUST* had the horrifying experience of learning that (by default) *ANY* any old user account in the "Authenticated User" group can add up to 10 computers to a domain. PingCastle is good for what it is but its definitely not a heavy lifter like BloodHound. Otherwise I find the blog posts "Active directory hardening series" on the microsoft techcommunity page very interesting at the moment. I repeated this for all 8 devices. It does have an attack path analysis which is similar to bloodhound but more limited. You can use PingCastle Basic Edition to run a health check and provide contextual security information in your AD environment. There's a community for whatever you're interested in on Reddit. For example, if you have Active Directory, using the free PingCastle can tell you about a lot of things to quickly check on. Happy with both vendors. DCs being owned by users and not Domain Admins group, rotating your KRBTGT/SSO Passwords, print spooler is on, etc Bloodhound won't tell you that stuff. This is an educational subreddit focused on scams. Typical client size is 10-60 endpoints. It isn't quite as in depth as say an AD Security RAP but I personally find those too exhaustive. According to PingCastle, the solution would be to prevent connecting locally and via remote desktop service I use PingCastle on a daily basis, it's the best tool I have tried to do this kind of job. But it starts with MSPs talking about free tools we use to run our businesses and ends with MSPs knocking a guy for suggesting that a client use something free in their own business. g. I had heard of it before but didn't pay much attention, then seeing a workstation able to replicate changes to the DCs intrigued me and they showed PingCastle as a recommended hardening evaluator. Otherwisedetailed lists of who logged in and when is something you'd pull out of your DC logs probably via a In a pingcastle health report, there is an unscored anomaly rule which describes No password policy for service account found (MinimumPasswordLength>=20) In the advised solution we have a "To solve the anomaly, you should implement a PSO or GPO". Our free VPN service is supported by paying users. So here’s a real review. Reddit is a network of communities where people can dive into their interests, hobbies and passions. This mission is totally new to me First of all, I have to carry out an audit report and for the sake of efficiency I hastened to download PingCastle and launch it from the position of the company assigned to me but now I wonder if it is a software that I can be sure of in relation to the confidentiality of We would like to show you a description here but the site won’t allow us. org), SpecterOps, etc. Get started Free Download. The free version provides the following reports: Health Check, Map, Overview and Management. /r/FreeGameFindings is based around finding free game promotions all over the place! Be it Steam, Epic, Origin, Ubisoft Connect, GOG, Xbox, Playstation, or Nintendo Consoles, we will find every last free Game and DLC promotion we can, and get it to you! The second product, which is designed for complex environments up to thousands of domains, is a web application. I've used a few of the AD monitors over the years but any more if I was doing only AD I would do WEC/WEF and set up monitoring that way. It will perform an attack path analysis for you that you can use to improve how things are set up. As you look at various implementing items, also look for ways to automate the reporting of those controls. AD Pro Toolkit is a reasonably priced tool to export AD data into a GUI that has a spreadsheet-like feature set. refresh current prod to new Dev or QA in the Cloud provider), the learning curve for less technical members of staff is much quicker for Veeam, and you can cache backups in advance of the migration outage using a full in advance, stop the app perform an incremental backup at beginning of downtime then start your restore. Powered by a worldwide community of tinkerers and DIY enthusiasts. PingCastle is safe and leaves no traces in your domain. Software to be patched, vulnerable TLS/ports, and other security vulnerabilities missing. This would have worked as well. Tanium, Zabbix, etc. As you said the paid options like Tenable & Qualys have good coverage, but the free options are severely lacking. It works out-of-the-box, only need to edit your e-mail settings. That can scan systems against STIGs. One of the last few items remaining is emptying the Schema Admin group. PingCastle and others report that we're not using the Protected Users group. remove the ability for Domain Users to enroll potentially abusing certificates at their leisure. Gain clear visibility into your hybrid AD security posture and follow guided Haste is completely free, exitlag costs a few bucks after the trial, I am comparing them still to see if I can end the paid exitlag and just use the free haste, but yes both have worked for me in a big way, but again it probably depends on your location and isp and such, some may get an even better result, some may get no improvements. Make your own 2D ECS game engine using C++ PingCastle and others report that we're not using the Protected Users group. Yepp, got pwned by a ESCx during pentest this year. May 4, 2018 · This is a very nice tool to get a better overview of your domain. Now if you run PingCastle in a year or so and there hasn’t been a great improvement then start to worry. msc capabilities now. 1- use laps. Finally on the human side, seeing up terrifying maintenance plans to review groups, policies, OUs etc. A list: Run responder Run mitm (can affect the network so don't run it for more than 10 mins and make sure u give it a domain with -d) Run enum4linux on the domain controllers see if there is a null session Run your vuln scan Run port scan Run ntlmrelayx If you manage to get a list of users from enum4linux try the username as the password with the smb_login metasploit module Try a weak Piggy backing off this comment, I strongly suggest you go to pingcastle. Currently only the built in domain admin account is a part of this group and this account is the last resort and never used unless of DR which absolutely requires it. 720% Quantity + Tainted Currency = 0 Tainted Currency Jun 13, 2024 · About Ping Castle is a free and open-source tool designed to assess the security posture of your Active Directory (AD) environment. Edit: PingCastle also has a tool for scanning AD environment with some good information and things to look into/secure. Its on device and network scans. I am comfortable with doing this to most user accounts and even the 2 service accounts we have but Im not so sure about the azure ad connect service account. And it's free. I was running the PingCastle security tool and I got a flag under "Presence of unknown account in delegation. Posts about specific products should be short and sweet and not just glorified ads. 406 votes, 39 comments. . For some reason someone created users instead of contacts for that, leaving a security issue. Ouvrir le menu Ouvrir l’onglet de navigation Retour à l’accueil de Reddit Discussion about Path of Exile, a free ARPG made by Grinding Gear Games Members Online T14 map. It should also be a review of security ACLs and ways that an attacker can gain access. As a starting point, AAD config review really kicks off with the tools MS itself gives you as part of AAD premium licensing. Members Online • Also PingCastle is free to audit AD. e. Est-ce que Pingcastle est bon ? Business Security Questions & Discussion This post kind of blew up a bit a turned an unpleasant discovery into a lot of really killer tips and advice. Rule ID: P-ControlPathIndirectMany Oh man, this whole thread just really exposes everything I hate about our MSP world. Ping mods if you want to share your… A subreddit for information and discussions related to the I2P (Cousin of R2D2) anonymous peer-to-peer network. 0x01 - DES-CBC-CRC 0x02 - DES-CBC-MD5 0x04 - RC4-HMAC 0x08 - AES128-CTS-HMAC-SHA1-96 Hash Function with mac truncated to 96 bits 0x10 - AES256-CTS-HMAC-SHA1-96 Hash Function with mac truncated to 96 bits You could take a look at the ad modules from Hack the box. This was found in GPO NTLMStore. I used Google and Reddit to see if people were doing similar things. It's meant to be run as an unprivileged Domain User, no write access anywhere. You cannot monetize PingCastle or offer it as a paid service to others under this license. A free Basic Edition has been available for free since 2017; Auditor, Professional, and Enterprise versions include additional capabilities for a price. Developed by Vincent Le Toulec, it provides a quick and efficient way to identify potential security risks and vulnerabilities within your AD domain. On the other hand, asking OffSec for clarification about tools for the exam is hit and miss. If so convert it. r/LostCastle: Lost Castle is a action RPG beat'em up game with roguelike elements and randomized dungeon. It is very good for finding configuration risks in AD. This subreddit is for technical professionals to discuss cybersecurity news, research, threats, etc. Sep 9, 2024 · It’s free to use if you don’t intend to make money from it, and it’s simple to use, so let’s take a look at it. I cannot find this location anywhere. I did end up buying one, despite it being hideously overpriced, just because I have had a bad time with straps in the past and I thought it would help. There is no GPO that I can see called NTLMStore. It’s based on a methodology focusing on risk assessment and a maturity What is your current score in PingCastle? I would start with eliminating as many vulnerabilities as possible. PingCastle is a Windows tool for auditing the risk level of your AD infrastructure and identifying vulnerable practices. Any reason to not set that flag on those accounts? I have never done any delegating in this way that I know of. I ran a scan using PingCastle and it is saying I have an intermediate certificate using SHA1. Just cause bloodhound doesnt auto detect a path to DA doesnt mean one doesnt exist. I changed the msds-supportedencryptiontypes attribute from 31 (0xF) to 28 (0xC) and that removed the DES encryption protocols. They also do vuln scanning, more expensive than CyberCNS, but full lifecycle of workflows. PingCastle source code is licensed under a proprietary license and the Non-Profit Open Software License ("Non-Profit OSL") 3. It is called PingCastle Enterprise. It is our hope to be a wealth of knowledge for people wanting to educate themselves, find support, and discover ways to help a friend or loved one who may be a victim of a scam. Jan 10, 2023 · Several free tools can quickly tell you the areas that need attention. If you walk into a typical client AD/365 environment with mostly Windows with the odd bit of Mac and Linux that's basically in petty good shape around supported versions and patching but lacking in areas like best practise where do you focus your time and effort getting it into shape if you're given an open ended requirement like "make us more secure"? With Veeam once setup you can test migrations in advance (i. Log In / Sign Up I can comment on ping castle directly, for a small shop just use the free version. PingCastle’s scanner bypasses these classic limits. You could also couple it with bloodhound and get even more indepth reports all while putting your SOC to the test. Ping Castle is a tool designed to assess quickly the Active Directory security level with a methodology based on risk assessment and a maturity framework. Hi everyone, My internship mission is to carry out an audit of an active directory. PingCastle is a great tool for a high-level survey of the domain. For your CDP and AIA sources: You can host them on your Sub-CA, or move them to another machine for added security. Reply reply My entire C++ Game Programming university course (Fall 2023) is now available for free on YouTube. This script will check: Check status, health and tests for every Domain Controller in each Sites Ping test 441 subscribers in the bag_o_news community. Contribute to 3tternp/pingcastle development by creating an account on GitHub. Running PingCastle and working on mitigating as many of the attack vectors as possible. Looking into Active Directory hygiene (Crowdstrike Identity vs Tenable. Better to at least put it in one of the student-only course channels on Discord or similar. They really need to work on the site. This is a basic roadmap I used to rid 6 forests/8 domains (and AWS MAD domain trusts) all using AD forest trusts. We run a similar product from Quest called change auditor. OPenVAS has become Greenbone and the free edition is severely lacking in coverage. It gives you the configuration flaws, but also points you the relevant advice and source articles on how to correct the issues, it also has a nice dashboard and grades which guide you to what is Lost critical and should be corrected first. For script/syntax formatting, I looked through the documentation. Phishing and Malware PingCastle and PurpleKnight are your actual AD Auditing tools that are free and popular. I am going through a PingCastle scan/review/edit of my domain and I had 8 computers that support DES in kerberos authentication. Once I had a script built and tested, I would research errors and if I hit a dead end I would ask my friendly neighborhood GPT. What it Does Ping Castle scans your Active Directory and analyzes […] K12sysadmin is for K12 techs. Necessary if you plan to generate revenue by providing PingCastle-based services to other organizations. Block the Service accounts from logging interactively. Infosec/geeky news - bookmarking for further reference and sharing. Whether you're a personal or work/school user or administrator of Teams, feel free to ask questions in our weekly Q&A thread and create posts to share tips! Members Online Teams Screen sharing bar is now repositionable! We would like to show you a description here but the site won’t allow us. Netwrix PingCastle helps you uncover misconfigurations and hidden vulnerabilities across Active Directory and Entra ID, pinpointing weaknesses before they become entry points for attackers. My experience is that it overall pretty good at catching security related configuration issues. PingCastle has been around for quite a few years (since at least 2017) and touts the Jun 26, 2024 · PingCastle is a free, open-sourced tool designed to assess the security level of your Active Directory environment quickly. Home Assistant is open source home automation that puts local control and privacy first. PingCastle is a free AD audit tool for detecting critical security issues—offering an overview and guidance on how to address those issues. " A Website. Providing free access is part of our mission. FAQ. Check out Sharphound/bloodhound. My boss liked it, as did I. The actionable results have dwindled to a low quantity over the past year. In some cases that is a user by user, group by group review of security permissions against what least privilege would allow, in other it is a cursory review of your domain policies. SC. Edit: spelling Dec 23, 2021 · Two tools I have used in both offense and defense situations with AD are PingCastle and Purple Knight. To add content, your account must be vetted/verified. This facilitates the benchmark of all domains; Scanner - Checking workstations for local admin privileges, open shares, start-up time is usually complex and requires an admin. Make your own 2D ECS game engine using C++, SFML, and ImGui youtube Sep 15, 2022 · Fortunately, whether you choose PingCastle or Purple Knight, both tools offer free options to help you assess the condition of your AD security and provide insights on how to improve it. For example, any for-profit organization can use it to audit their own systems. For which one? Pingcastle or goldfinger? Ive never used goldfinger, I have used ping castle. Purple Knight; PingCastle; BloodHound Yes to all, yes it’s best practice to leave Schema Administrators empty, including removing administrator account. Recommended by L3T, who cheerfully adds, "Be prepared for the best free tool ever. Welcome to the CrowdStrike subreddit. MeshCentral has a lot of features and so, the best is to start small with a basic installation. Free Active Directory Tools . From the ldap wiki: . You can do a lot by following best practices and manual review via resources like Trimarc/Sean Metcalf, (adsecurity. CDP: First thing is to find out if the software that the service account is driving can use a MSA. These reports provide scores across four key areas, explain any detected anomalies, and offer Its honestly one of my top 5 shows, I love Stana + Fillion, its a fun and adorable procedural, with characters I actually give a shit about, the love interest drama is good without being constant, it can be pretty emotional at times and I love the twist of cop/writer. Their privelege user/group monitoring can probably come in handy. If you want to post and aren't approved yet, click on a post, click "Request to Comment" and then you'll receive a vetting form. There are no plans to “end of life” any of the PingCastle products, and PingCastle development, support, and sales will be expanded with resources that augment the existing business All outstanding quotes will be honored through their expiration. Jun 26, 2024 · PingCastle is a free, open-sourced tool designed to assess the security level of your Active Directory environment quickly. In general, I wholeheartedly agree with this idea. You don’t know who could be leading you astray in a random post on Reddit. Expand user menu Open settings menu. Ran into one that I don't understand and hoping someone in here has more knowledge and can share. "Enterprise PKI tool allows adding, removing and viewing NTAuth certificates; in addition Certutil can be used to publish an NTAuth certificate if needed. The report is a pretty elaborate spreadsheet of all the data points collected. I'm not talking about a Nessus-type vulnerability scanner, but rather something between Purple Knight and Microsoft Baseline Security Analyzer. You can also use CIS-CAT for the benchmarks if you're a CIS member. They offer a free tier that gives away one sensor per client. BloodHound is more useful when you're trying to determine all the group memberships of an account and all levels of permissions you have. Nov 13, 2020 · Consolidation - When multiple reports of PingCastle have been collected, they can be regrouped in a single report. If I ever had to use this method then things would be pretty bad, I would probably start updating my resume first. What will happen to PingCastle as a company? The products you know and use will not be changed by the acquisition. Keep in mind that AAD is architected differently from AD - it's flat, no OUs, no GPOs. Small background story. These tools will only show what is wrong and give an idea of how to fix it, but finding the actual fix is your job. 87 votes, 18 comments. Thanks for the share, going to review the other pkiview. similar to nessus. com and download their free assessment tool and use it to scan your lab AD. If you're just looking for inactive accounts or something sort of straight forward then Powershell can easily provide that sort of audit/report. The only time schema really needs to change is: New Domain Controllers (newer version), Exchange version upgrades (2010 -> 2013, 2013 -> 2016,2019) Run pingcastle and follow its recommendations to harden your PKI, e. Edit2: you should also look into a vulnerability scanning utility: Rapid7, Qualys, Nessus, as these will help you find items. Some things I can note as we continually revise our security offerings. After learning about PingCastle in January 2022, we have been manually running PingCastle against our non-comanaged clients every six months, in July 2022 and again this month. It’s the tip of the iceberg. It won’t do any harm. The free version does not attempt to contact the internet. My customer used PingCastle and it reported that there are a massive number of users that have never logged on and the password is set to never expire. Commercial License: Available for purchase. PingCastle was born based on a finding: security based only on technology does not work. Currently have Crowdstrike Falcon Prevent, Insight, Overwatch, and Discover. I2P provides applications and tooling for communicating on a privacy-aware, self-defensed, distributed network. This would allow you to look at AD from an attacker's perspective. What's in your report that you are concerned about? Pingcastle picks up most concerning items and is freeware if you run it yourself. Ping Castle and Bloodhound will get you very far. Instantaneous improvement. Keeping something like 168000 signatures up to date like Tenable does takes resources that are not free. Has anyone actually got a system in production that does not receive this warning? For those of you who have used this tool, the report that's produced only limits output in categories to 100 entries and then at the bottom says "Output limited to 100 items - add "--no-enum-limit" to remove that limit. Of course, it won't cover everything but it is a good starting point. Not picking on the OP, great post and idea. However, you will be pushed to research and gain a deeper understanding of Active Directory. PingCastle - A free tool that seems to scan your AD and give you a giant list of things that should be cleaned up for security reasons. Hardening kitty/microsoft baseline security analyzer for server configuration checks. At the heart of most organisations are a Windows server active directory domain (or multiple of these), yet one of the most common findings when we review organisations security postures are there are significant weaknesses in their active directory deployments, both from an architectural, operational and security perspectives. To determine which option is right for your organization, we examine the strengths and primary focus of both tools’ free editions, as well as how you might I'm hoping someone here can help me figure out where this certificate is so I can delete it. K12sysadmin is open to view and closed to post. There are new and different best practices to worry about and many of the old don't apply. " I use the excellent Purple Knight Free Security Assessment Tool for Active Directory - and I'm looking for something in the context of Windows Server / Windows Client. FWIW I'd recommend looking up "Pingcastle" - it'll highlight things like old Kerberos passwords as well as giving you the instructions / some confidence in doing the task. If it relates to AD or LDAP in general we are interested. Feb 4, 2020 · Securing the crown jewels. Recommended by SysAdmineral "for getting a grip on how well the environment is hardened and what other, less visible, things may be lurking around. A reddit dedicated to the profession of Computer System Administration. It’s based on a methodology focusing on risk assessment and a I've run PingCastle and it's easy and free and highlights some useful items. And holy shit. Example: you say encrypting workstations is something you're adding to your list; are you sur I am working through some recomeondations from pingcastle and one of them is that all privileged accounts should have the account is sensitive and cannot be delegated flag set on it. A Free Tool. Pingcastle/ purpleknight/ bloodhound for checking ad-security. Some tools can run these checks for you for free, or you can use a paid tool (I like Tenable's Nessus Pro for this - the Compliance scans are great and it can do the vulnerability scans that OpenVAS does as well). che Hi!, yesterday I saw a reddit post asking how to monitor your AD health status, replication problems, etc So I decided to code my own script (base on Vikas Sukhija idea). In particular, that "No GPO preventing the logon of administrators has been found". The Enterprise edition can be purchased through our company exclusively. " They dont give too much information on that page but what they do call out in their 5 steps is possible using powershell and free tools like pingcastle and bloodhound. To include PingCastle in a commercial package or service, a specific license must be purchased . Good to see pingcastle and bloodhound reporting good but I hope more in depth pentests and red team assessments are on the table for the future. No catches, no gimmicks. The Proton VPN free plan is unlimited and designed for security. Hello everyone, I am currelty working on the audit of an active directory and I noticed the following flaw in the privileged accounts. Really nice. Also use some of the other tools like PurpleKnight and ForestDruid to get the picture from a different point of view. Are there any others that automate checking and reporting on things you might want to look into? Start with the free recommendations. You'll get a list of inactive accounts (user and computer), common misconfigurations, etc. People and process. Also have Tenable. Part of paying for a pen test is the consultancy, pen testers dedicate 100s of hours across 100s of environments understanding Active Directory and attack vectors, so although someone inexperienced running pingcastle and bloodhound will give you some value, it won’t replace a pentest. For security configurations lookinto pingcastle. Run a PingCastle check to get lists of objects… "Why we offer a free VPN We believe online privacy is a fundamental human right. Just looks rough, definitely not polished, requires ad blockers to be off, FREE doesn't necessarily mean free when you crack open the license file, etc. " Looking at the notice it tells me CN=System Management,CN=System,DC=ourdomain,DC=lan has a delegation with an unknown SID. Télécharger l'app Télécharger l’application Reddit Se connecter Se connecter à Reddit. He made himself admin and then made himself a DC. Two to four times a year to comb out the garbage. If you run this tool and do a lot of the cleanup, you'll probably be in much better shape than a lot of places: Home - PingCastle PingCastle is geared more towards AD best practices / good stuff to know about AD. 2- ever sys admin should have 4 accounts (domain admin for dc servers, pc local admin, server admin account for none DC servers and a day to day account) and use gpo to apply the permission. Mar 13, 2020 · Description Audits AD free for most cases ( only not if you are a auditor see there website) it scans your AD enviroment and tells you were the weak points are the script is not powershell but i know AD admins are mor… Yeah it’s really weird, I had the extension all set up, and today it kept not working and saying it wasn’t updated (I updated everything, uninstalled it, reinstalled it, even tried on a different browser and downloading the extension fresh and it said it was out of date) and going default just says it can’t verify and I tried later today and now apparently the server isn’t responding To Unsafe domains: Between one of your domain and a domain not monitored by PingCastle. 0. Been cleaning up AD using PingCastle. Posted by u/ryaninseattle1 - 21 votes and 8 comments There are lots of low effort security checkers that could be useful, too. A contractor who set up cert enrollment over intune for a coworker added a template that had free SAN requests and allowed every computer to do so. I wrote this as a response to a post about fixing a specific service, but mimikatz can coherce RC4 if your DCs still support RC4. You could also use something like a host-based agent approach if you aren't already. CrowdStrike Falcon offers cloud-delivered solutions across endpoints, cloud workloads, identity and data; providing responders remote visibility across the enterprise and enabling instant access to the "who, what, when, where, and how" of a cyber attack. Except if a license is purchased, you are not allowed to make any profit from this source code. here is what I do. Pingcastle (the free version can do this). Ping Castle isn't going to help you with general AD administration but it provides a good baseline for securing the platform with a lot of reference materials. I saw it in the DCShadow briefing. We would like to show you a description here but the site won’t allow us. AD) and having a set of eyes where we are not having to manually review and look for things to fix. com. Discovered "LmCompatibilityLevel" on one server was set to 0, is there any possible fallout from this? Aside from vulnerability scans, tools like PingCastle or Bloodhound can help to identify issues with Active Directory configuration. All jokes aside, the goal would be to use this backup to restore a single domain controller, seize all FSMO roles, start cleaning up orphan domain controllers objects and get things working again, get Azure AD Connect configure imported and syncing. So that was a tangent, but here’s the reason: Prioritize known exploitable vulnerabilities. The modified GPO applied allowing RC4 and I quickly powered back on each of the other controllers. Reply reply ISkyWarrior Could you not say that about every bit of free software? And even paid for software? They all pull back telemetries and metadata. If I didn't know better, I would say this is a very suspicious site. Greenbone OpenVAS for vulnerability assessment scans. You want to get really deep into the weeds? The DISA SCAP Checker tool is now open to the public. 556K subscribers in the cybersecurity community. The Auto-Created domain should be reviewed. Free, and really good for tightening up the nuts on the system, look at the indirect control section and that'll help protect the critical elements. PingCastle provides it to automatize our methodology and allow the decentralization of Active Directory management. 10 votes, 20 comments. Jan 26, 2017 · With the default license, the binary program can be run for free, as long as you do not derive any revenue from it. What FREE tools are you all using to try and keep your AD safe and secure? AD ACL Scanner… MeshCentral is a free, open source remote monitoring and control web site build in NodeJS. Test or at least research each item before implementation. A community about Microsoft Active Directory and related topics. Turns out that the majority of those users are used as a contact. Just online privacy and freedom for those who need it. This trust Should either be removed or the non managed domain should be added to PingCastle To Auto-Created domains: Between one of your domain and a domain that is Auto-Created. I still have some minor cleanup. It's free (you just need to register) and we have all our important systems on it. Nesus/Tenable (free version for a small shop), OpenSCAP, use nmap to check for open ports, etc. u/thatwhatsysadminguy provided the correct answer, but for those who haven't dealt with this before here's the explanation of why 28 is correct. What it does? PingCastle is a tool that quickly assesses the security of Active Directory by generating detailed reports. a fraction of the price of RFT. No more KDC encryption errors, no more credential popups, no more replication issues home free. even well known and useful security audit software such as PingCastle, widely used and accepted across the cyber community A Free Tool. is now available for free on YouTube. Make your own 2D ECS game engine using C++ PingCastle - Get Active Directory Security at 80% in 20% of the time - Releases · netwrix/pingcastle I ran PingCastle and it flagged a couple accounts we use to run services with and also the domain admin account as not having that flag set. I am also a fan of powerhuntshares by netspi A reddit dedicated to the profession of Computer System Administration. Lots of good ideas out here though. I think there is a place for both tools (pingcastle and bloodhound) as each has its strongpoints. Welcome to r/scams. true. We Ping each system once a second and get an email if A) the device has not responded for X minutes (we choose 1 minute) B) The device has more than 10% packet loss I tried to find reviews for the Castleflexx and didn’t find many — shame if they’re shilling for Reddit replies. Required for anyone who wants to incorporate PingCastle into commercial services or products. What I’ve found as a good rule of thumb is that the older an AD environment is the worse it gets. It can be installed in a few minutes on your self-hosted server or you can try the public server by clicking "Public Server Login" on https://meshcentral. kmrp bnrft cixsnvt bkxf tzcdd nkvbkk qromnjg ydfbappk dxksmyd butoka