Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updated ESC4 Remediations To Be More Flexible #140

Merged
merged 35 commits into from
Jul 23, 2024
Merged

Updated ESC4 Remediations To Be More Flexible #140

merged 35 commits into from
Jul 23, 2024

Conversation

TrimarcJake
Copy link
Owner

This should close #126 by doing the following:

  1. If the Mode is not 0 or 2 AND an ESC4 is detected, Locksmith will ask a couple simple questions to determine the best course of remediation.
  • Does the principal administer this template?
  • (If the granted rights are GenericAll) Does the principal need to Enroll/AutoEnroll?
  1. The answers to those questions will update the "Fix" attribute with one of the following options:
  • Marks the issue as not needing remediation.
  • Leaves basic remediation unchanged
  • Removes GenericAll and restores Enroll
  • Removes GenericAll and restores AutoEnroll
  • Removes GenericAll and restores Enroll + AutoEnroll
  • Removes GenericAll and restores nothing

@TrimarcJake
#126 Initial commit
7782a1c
@TrimarcJake
#126 Wrong function name
0d33043
@TrimarcJake
#126 fresh build with new function.
62b481d
@TrimarcJake
#126 Another more fresher build
941099e
@TrimarcJake
#126 We don't need no stinking Mode param
34f6ffa
@TrimarcJake
#126 right variable names help
f336ab6
@TrimarcJake
#126 actually right variable names help
059d9e4
@TrimarcJake
#126 Trying here-strings for Fixes. Will make things easier.
9809792
@TrimarcJake
#126 ope forgot to build the new script
e7dceef
@TrimarcJake
#126 put here-string in the right place
b34d7de
@TrimarcJake
#126 messing with here-string
d8917d6
@TrimarcJake
#126 messing with here-string
56585a4
@TrimarcJake
#126 messing with here-string
5bf448c
@TrimarcJake
#126 lets try a fix as a scriptblock
70f8b12
@TrimarcJake
#126 lets try a fix as a scriptblock
b7d0696
@TrimarcJake
#126 lets try a fix as a scriptblock
7b03eea
@TrimarcJake
#126 Mode will be needed, actually.
31a0a88
@TrimarcJake
#126 need to make sure path and IdentityReference are wrapped in quotes.
11be563
@TrimarcJake
#126 First go at re-adding enrollment.
25ed464
@TrimarcJake
#126 wrong logic in while loop
9bacaf1
@TrimarcJake
#126 beep boop
0893d74
@TrimarcJake
#126 notin, not in.
3714314
@TrimarcJake
#126 moving stuff into the functions that make most sense.
b5f8a21
@TrimarcJake
#126 fresh build
569324c
@TrimarcJake
Merge branch '126-enhance-esc4-remediations' of https://github.com/Tr…
d312b3c 
…imarcJake/Locksmith into 126-enhance-esc4-remediations
@TrimarcJake
#126 fresher build
6d9607b
@TrimarcJake
#126 Fresh build with a little clearer question.
97d95b5
@TrimarcJake
#126 proper escaping of stuff is crucial
e9f3c26
@TrimarcJake
#126 Finalizing Re-add of Enroll
14adff5
@TrimarcJake
#126 Initial commit of Re-adding Enroll and Auto-Enroll
d94716f
@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 23, 2024
edited
Loading

🦙 MegaLinter status: ⚠️ WARNING

Descriptor Linter Files Fixed Errors Elapsed time
⚠️ COPYPASTE jscpd yes 19 1.99s
⚠️ EDITORCONFIG editorconfig-checker 17 1 0.25s
⚠️ MARKDOWN markdownlint 5 15 0.59s
⚠️ MARKDOWN markdown-link-check 5 8 3.57s
✅ MARKDOWN markdown-table-formatter 5 0 0.29s
⚠️ POWERSHELL powershell 12 9 16.37s
✅ POWERSHELL powershell_formatter 12 0 13.38s
⚠️ REPOSITORY checkov yes 1 11.47s
✅ REPOSITORY gitleaks yes no 0.53s
✅ REPOSITORY git_diff yes no 0.03s
✅ REPOSITORY grype yes no 15.69s
✅ REPOSITORY secretlint yes no 0.87s
✅ REPOSITORY trivy yes no 5.15s
✅ REPOSITORY trivy-sbom yes no 1.37s
✅ REPOSITORY trufflehog yes no 7.96s
⚠️ SPELL cspell 18 197 7.03s

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security

SamErde
SamErde reviewed Jul 23, 2024
View reviewed changes
Private/Find-ESC4.ps1 Outdated Show resolved Hide resolved
@SamErde SamErde merged commit a5e3452 into testing Jul 23, 2024
3 checks passed
@TrimarcJake TrimarcJake deleted the 126-enhance-esc4-remediations branch July 23, 2024 18:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@SamErde SamErde SamErde approved these changes

@techspence techspence Awaiting requested review from techspence

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@TrimarcJake @SamErde