專案

一般

配置概況

動作
複製連結

專案資訊 #1064

進行中

2025-PenTest

是由 Joy Liao3 個月 前加入. 於 約 2 個月 前更新.

狀態:
New-新增
優先權:
High
被分派者:
-
分類:
執行階段
開始日期:
2025-08-01
完成日期:
2025-12-31 (逾期 25 天)
完成百分比:

89%

預估工時:
(總計: 0:00 小時)

概述

ADPT_TAHO_Remediation Tracker
Severity Ref. Weakness
NNN bookmark20250526222819601367469548 "Cleartext Passwords Stored in Domain Attributes

Several users, including domain admins, store their passwords in cleartext in domain attributes.

"
NN "4.3.2

MITRE-T1558

" "Domain Admin Vulnerable to Kerberoasting Attack

It is possible to obtain the encrypted Kerberos service ticket of a domain admin for offline password cracking.

"
NN bookmark20250528021100422251172311 "Dangerous Permission over Accounts with Replication Rights

All domain users have ForceChangePassword permission against three accounts which have DCsync ability.

"
NN bookmark20250528105554721728147917 "Dangerous Permisson over GPO that applies to object with high privileges

All domain users can modify GPO that will affect an OU containing domain admins."
bookmark20250527015003600759977664 "Sensitive Data Stored in Domain Controller’s Network Shares

"
N bookmark20230424152553354013409667 "Privileged Accounts with Never Expiring Passwords

"
"4.7.3

CWE-16
CWE-284

" "SMB NULL Session Authentication allowed on Domain Controllers

The SMB service on domain controllers allows users to authenticate using a NULL session, meaning that no user credentials need to be supplied to the server.

"
N bookmark2025052801463337292181788 "Use of ""Pre-Windows 2000 Compatible Access"" group

"
N bookmark20250529113929916258883991 "ADCS Web Enrollment Enabled for high-privileged accounts

"
N "4.7.2

KB2696547

" "SMB version 1 in use on Domain Controller

"
N bookmark20250526231504779653815004 "Krbtgt Password Unchanged for over 1 year

"
N bookmark20250528093106041557187875 "Dangerous Permission over Domain Context Root

"
N bookmark20250527150517990578686946 "Non-restricted Domain Join with Excessive Machine Account Quota

"
bookmark20250528012341779511785327 Presence of user principals in Schema Admins group
bookmark20230424152530055619155201 "Privileged acccount outside from 'Protected Users' group

"
bookmark2025052818064551592624366 "Overly Permissive Non-Privileged Accounts

"
bookmark20230424152607541378202907 "Object Owner Anomalies

"
bookmark20250528113440590525911882 "Dangerous Permission over Privileged Objects Containers

"
bookmark20250528101140588319445694 "Dangerous Permission over MicrosoftDNS server objects

"
bookmark20250527172903274457208324 "Dangerous Permission over Domain Controllers Group

"
bookmark2025052717152717274892035 "Dangerous Permission over adminSDHolder

"
bookmark20250527164529819756743971 "Dangerous Permission over DNSAdmins Group

"

檔案

ADPT_TAHO_Remediation Tracker (2).xlsx (397 KB) ADPT_TAHO_Remediation Tracker (2).xlsx Joy Liao, 2025-11-10 13:21

子任務 25 (25 進行中0 已結束)

專案資訊 #1065: Cleartext Passwords Stored in Domain AttributesResolved-解决益利 周2025-08-012025-12-31

動作
專案資訊 #1066: Domain Admin Vulnerable to Kerberoasting AttackResolved-解决益利 周2025-08-012025-12-31

動作
專案資訊 #1067: Dangerous Permission over Accounts with Replication RightsNew-新增益利 周2025-08-012025-12-31

動作
專案資訊 #1068: Dangerous Permisson over GPO that applies to object with high privileges Resolved-解决益利 周2025-08-012025-12-31

動作
專案資訊 #1069: Dangerous Permisson over GPO that applies to object with high privileges Resolved-解决益利 周2025-08-012025-12-31

動作
專案資訊 #1070: Dangerous Permisson over GPO that applies to object with high privileges Resolved-解决益利 周2025-08-012025-12-31

動作
專案資訊 #1071: Sensitive Data Stored in Domain Controller’s Network SharesResolved-解决益利 周2025-08-012025-12-31

動作
專案資訊 #1072: Privileged Accounts with Never Expiring PasswordsResolved-解决益利 周2025-08-012025-12-31

動作
專案資訊 #1073: SMB NULL Session Authentication allowed on Domain ControllersResolved-解决益利 周2025-08-012025-12-31

動作
專案資訊 #1074: Use of ""Pre-Windows 2000 Compatible AccessResolved-解决益利 周2025-08-012025-12-31

動作
專案資訊 #1075: ADCS Web Enrollment Enabled for high-privileged accountsResolved-解决益利 周2025-08-012025-12-31

動作
專案資訊 #1076: SMB version 1 in use on Domain ControllerResolved-解决益利 周2025-08-012025-12-31

動作
專案資訊 #1077: Krbtgt Password Unchanged for over 1 yearResolved-解决益利 周2025-08-012025-12-31

動作
專案資訊 #1078: Dangerous Permission over Domain Context RootResolved-解决益利 周2025-08-012025-12-31

動作
專案資訊 #1079: Non-restricted Domain Join with Excessive Machine Account QuotaResolved-解决益利 周2025-08-012025-12-31

動作
專案資訊 #1080: Presence of user principals in Schema Admins groupResolved-解决益利 周2025-08-012025-12-31

動作
專案資訊 #1081: Privileged acccount outside from 'Protected Users' groupResolved-解决益利 周2025-08-012025-12-31

動作
專案資訊 #1082: Privileged acccount outside from 'Protected Users' groupResolved-解决益利 周2025-08-012025-12-31

動作
專案資訊 #1083: Overly Permissive Non-Privileged AccountsResolved-解决益利 周2025-08-012025-12-31

動作
專案資訊 #1084: Object Owner AnomaliesIn process-進行中益利 周2025-08-012025-12-31

動作
專案資訊 #1085: Dangerous Permission over Privileged Objects ContainersIn process-進行中益利 周2025-08-012025-12-31

動作
專案資訊 #1086: Dangerous Permission over MicrosoftDNS server objectsResolved-解决益利 周2025-08-012025-12-31

動作
專案資訊 #1087: Dangerous Permission over Domain Controllers GroupResolved-解决益利 周2025-08-012025-12-31

動作
專案資訊 #1088: Dangerous Permission over adminSDHolderResolved-解决益利 周2025-08-012025-12-31

動作
專案資訊 #1089: Dangerous Permission over DNSAdmins GroupResolved-解决益利 周2025-08-012025-12-31

動作
動作
複製連結

匯出至 Atom PDF