creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-12 14:14:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/performing-active-directory-vulnerability-assessment/references/api-reference.md
T
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal 
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

89 lines
2.5 KiB
Markdown
Raw Blame History

# Active Directory Vulnerability Assessment - API Reference
## PingCastle XML Report
PingCastle generates XML health check reports with scoring across four categories:
| Category | Description |
|----------|-------------|
| StaleObjects | Dormant accounts, old computer objects, unused groups |
| PrivilegiedGroup | Excessive admin memberships, unprotected privileged accounts |
| Trust | Insecure trust relationships, SID filtering |
| Anomaly | Unusual configurations, legacy protocols |
### Score Interpretation
- 0-20: Excellent
- 21-50: Good
- 51-75: Needs improvement
- 76-100: Critical
### XML Structure
```xml
<HealthcheckData>
<GlobalScore>45</GlobalScore>
<StaleObjectsScore>15</StaleObjectsScore>
<PrivilegiedGroupScore>20</PrivilegiedGroupScore>
<RiskRules>
<HealthcheckRiskRule>
<RiskId>P-AdminCount</RiskId>
<Category>PrivilegiedGroup</Category>
<Points>30</Points>
<Rationale>15 accounts with adminCount=1</Rationale>
</HealthcheckRiskRule>
</RiskRules>
</HealthcheckData>
```
## LDAP Checks (ldap3)
### Password Policy Attributes
| Attribute | Type | Description |
|-----------|------|-------------|
| `minPwdLength` | int | Minimum password length |
| `lockoutThreshold` | int | Failed attempts before lockout (0 = disabled) |
| `pwdHistoryLength` | int | Number of remembered passwords |
| `maxPwdAge` | interval | Maximum password age |
### krbtgt Account
The krbtgt account key encrypts all Kerberos tickets. If compromised (Golden Ticket attack), all tickets must be invalidated by resetting krbtgt password twice. Recommended rotation: every 180 days.
```python
conn.search(base_dn, "(&(objectClass=user)(sAMAccountName=krbtgt))",
attributes=["pwdLastSet"])
```
## Vulnerability Categories
### Critical
- No account lockout policy
- krbtgt password > 180 days old
- PingCastle risk rules with 50+ points
### High
- Minimum password length < 12
- Accounts with adminCount=1 not in privileged groups
- Legacy protocols enabled (NTLMv1, LM hashes)
### Medium
- Password history < 12
- Stale computer objects > 90 days
- Unconstrained delegation
## Output Schema
```json
{
"report": "ad_vulnerability_assessment",
"pingcastle_scores": {"global": 45, "staleobjects": 15},
"total_findings": 20,
"severity_summary": {"critical": 3, "high": 10, "medium": 7}
}
```
## CLI Usage
```bash
python agent.py --pingcastle-xml report.xml --server ldaps://dc.example.com --username "DOMAIN\\user" --password "pass" --output report.json
```
Reference in New Issue View Git Blame Copy Permalink