is the only enterprise solution to protect organizations against credential stuffing and password spraying attacks. Visit for more details, and tell them 7 Minute Security sent you to get a 10% discount!

In today’s episode we talk about Purple Knight, a free tool to help assess your organization’s Active Directory security. I stuck Purple Knight in our Light Pentest LITE pentest training lab and did an informal compare-and-contrast of its detection capabilities versus PingCastle, which we talked about in depth in episode #489. Here are some highlights:

Test PingCastle Purple Knight
Warned about ms-ds-machine-account-quota Yes Yes
Detected ASREPRoastable users Yes No
Identified machines configured with unconstrained delegation Yes Yes
Found "cpassword" values from the MS14-025 vulnerability Yes No
Identified print services running on domain controllers Yes Yes
Called out Microsoft Local Administrator Password Solution not being present Yes Kind of (listen to today’s episode for more info)
Found DNS zone transfer misconfiguration Yes No
Called out no GPO being present to disable LLMNR Yes No
Flagged password policy as being less than ideal Yes Yes
Flagged non-default principals that had dcsync permissions on the domain controller(s) No Yes

Written by: Brian Johnson

Share on socials: