Assessing Your Active Directory Security with PingCastle

Ensuring your Active Directory meets security controls and best practices.


Introduction

In this blog post, I will show you how to install PingCastle, run it, and generate a report with it. To do this, I have installed Windows Server 2019 on a Virtual Machine and built a Domain Controller on it which hosts Active Directory.

What is PingCastle?

PingCastle is a free, open-source tool that provides Active Directory security assessment. It uses a set of security benchmarks to evaluate the security posture of an organisation's Active Directory environment. Its benchmarking methodology is comprehensive and covers a wide range of security controls and best practices (including Microsoft Best Practices, CIS, and NIST), making it a valuable tool for evaluating your security posture.

It's not a vulnerability scanner as it does not actively scan for known vulnerabilities like a vulnerability scanner would. Instead, PingCastle is more of an auditing and analysis tool that provides various reports and metrics to assess the security posture of an AD environment, including things like privileged accounts, group membership, password policies, and more. It can also help identify misconfigurations and potential weaknesses that could be exploited by attackers.

As a premium user, it's also possible to integrate the MITRE ATT&CK framework with PingCastle to provide enhanced insights into the security of your Active Directory environment. Specifically, PingCastle can map the vulnerabilities and weaknesses it detects to specific MITRE ATT&CK tactics and techniques, which can help you understand the severity and impact of these vulnerabilities and prioritise remediation efforts.

Installation steps

Follow these steps to install PingCastle:

1. Download PingCastle from here

2. Save to your Downloads folder and extract it

3. Open PowerShell

4. Change to the folder you extracted and run PingCastle.exe from there, for example: C:\Users\Administrator\Downloads\PingCastle_2.10.0.0> .\PingCastle.exe

5. You will then be prompted to select from several options. Choose the first option (healthcheck: score the risk of a domain)

6. Next, you will be asked to specify the domain; type it and hit Enter

Once the assessment has finished, you should see the following screen:

As you can see, the assessment has generated an HTML report, which you will find in the PingCastle folder that you previously extracted.
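The interactive steps above are fine for a one-off check, but for repeated assessments it helps to drive PingCastle from a script and read the report programmatically. The following PowerShell is an added example written for this post, not code from PingCastle itself: it runs the same healthcheck non-interactively and then summarises the overall score and the highest-weighted findings from the XML report that PingCastle writes next to the HTML one. The directory, the placeholder domain name and the XML element names (GlobalScore, StaleObjectsScore, PrivilegiedGroupScore, TrustScore, AnomalyScore, RiskRules/HealthcheckRiskRule) are assumptions; compare them against your own ad_hc_<domain>.xml before relying on this in automation.

```powershell
# Added example (not from the original post): run a PingCastle healthcheck
# non-interactively and summarise the XML report it writes beside the HTML one.
# Assumptions: PingCastle is already extracted to $PingCastleDir, $Domain is the
# FQDN to assess (placeholder below), and the XML report uses the element names
# read further down. Verify them against your own ad_hc_<domain>.xml.

param(
    [string]$PingCastleDir = 'C:\Users\Administrator\Downloads\PingCastle_2.10.0.0',
    [string]$Domain        = 'corp.example.local',   # placeholder, replace with your domain FQDN
    [int]$Top              = 10
)

Set-Location $PingCastleDir

# --healthcheck selects the same "score the risk of a domain" mode as the first
# interactive menu option; --server names the domain (or a DC) to assess.
& .\PingCastle.exe --healthcheck --server $Domain
if ($LASTEXITCODE -ne 0) { throw "PingCastle exited with code $LASTEXITCODE" }

# PingCastle writes ad_hc_<domain>.html (the report shown in the post) and
# ad_hc_<domain>.xml (the same data, machine-readable) to the working directory.
$xmlPath = Join-Path $PingCastleDir "ad_hc_$Domain.xml"
if (-not (Test-Path $xmlPath)) { throw "Report not found: $xmlPath" }

[xml]$report = Get-Content -Path $xmlPath
$hc = $report.HealthcheckData   # assumed root element name

# The global score is the worst (maximum) of the four category scores, scored
# 0 = best to 100 = worst, so one bad category alone raises the overall risk level.
"{0,-22} {1}" -f 'Domain:',        $hc.DomainFQDN
"{0,-22} {1}" -f 'Generated:',     $hc.GenerationDate
"{0,-22} {1}" -f 'Global score:',  $hc.GlobalScore
"{0,-22} {1}" -f 'Stale objects:', $hc.StaleObjectsScore
"{0,-22} {1}" -f 'Privileged:',    $hc.PrivilegiedGroupScore
"{0,-22} {1}" -f 'Trusts:',        $hc.TrustScore
"{0,-22} {1}" -f 'Anomalies:',     $hc.AnomalyScore

# Key findings: each triggered rule carries a point value. Sorting descending puts
# the items that contribute most to the score first, which is the order in which
# remediation usually pays off.
$hc.RiskRules.HealthcheckRiskRule |
    Sort-Object { [int]$_.Points } -Descending |
    Select-Object -First $Top @{n='Points';e={[int]$_.Points}}, Category, RiskId, Rationale |
    Format-Table -AutoSize -Wrap
```

Run it from an elevated PowerShell on a domain-joined machine as a user that can read the directory (PingCastle needs only ordinary read access for the healthcheck). Keeping the XML reports from successive runs lets you diff scores over time, which is the quickest way to confirm that a remediation actually moved the needle.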

This report will contain an overall risk level and key findings as seen in the following screenshots: