TestimoX

API Reference

Class

EncryptionTypeChecker

Edit on GitHub
Namespace ADPlayground.Kerberos
Assembly ADPlayground
Source ADPlayground/Kerberos/EncryptionTypeChecker.cs:16

Evaluates supported Kerberos encryption types for user and computer accounts.

Inheritance

  • Object
  • EncryptionTypeChecker

Remarks

See usage examples in the unit tests for typical scenarios.

Constructors

public EncryptionTypeChecker(Func<String, IEnumerable<ValueTuple<String, Int32>>> fetchAccounts = null, Func<IEnumerable<String>> enumerateDomains = null) #
ADPlayground/Kerberos/EncryptionTypeChecker.cs:16

Initializes a new instance of the EncryptionTypeChecker class.

Parameters

fetchAccounts System.Func{System.String,System.Collections.Generic.IEnumerable{System.ValueTuple{System.String,System.Int32}}} = null optionalposition: 0
Optional delegate returning account encryption data for a domain.
enumerateDomains System.Func{System.Collections.Generic.IEnumerable{System.String}} = null optionalposition: 1
Optional delegate returning domains to evaluate.

Methods

public IEnumerable<KerberosEncryptionFinding> Check(Boolean log = true) #
Returns: IEnumerable<KerberosEncryptionFinding>

Logs warnings for all domains in the forest and returns findings.

Parameters

log System.Boolean = true optionalposition: 0
Whether to emit warnings for weak accounts.

Returns

Collection of findings.

public IEnumerable<KerberosEncryptionFinding> CheckDomain(String domainName = null, Boolean log = true) #
Returns: IEnumerable<KerberosEncryptionFinding>

Logs warnings for accounts that do not support AES encryption and returns analysis details.

Parameters

domainName System.String = null optionalposition: 0
Target domain or null for the current domain.
log System.Boolean = true optionalposition: 1
Whether to emit warnings for weak accounts.

Returns

Collection of findings.

public static IEnumerable<String> FilterWeakEncryption(IEnumerable<ValueTuple<String, Int32>> accounts) #
Returns: IEnumerable<String>

Filters a collection of account data to those lacking AES encryption support.

Parameters

accounts System.Collections.Generic.IEnumerable{System.ValueTuple{System.String,System.Int32}} requiredposition: 0
Account data with encryption type flags.

Returns

Collection of SAM account names.

GetAccounts 2 overloads
public IEnumerable<ValueTuple<String, Int32>> GetAccounts(String domainName) #
ADPlayground/Kerberos/EncryptionTypeChecker.cs:29
Returns: IEnumerable<ValueTuple<String, Int32>>

Retrieves account encryption information for the specified domain.

Parameters

domainName System.String requiredposition: 0
Target domain.

Returns

Collection of account data.

public IEnumerable<ValueTuple<String, Int32>> GetAccounts() #
Returns: IEnumerable<ValueTuple<String, Int32>>

Iterates all domains and returns encryption information for each account.

Returns

Collection of account data.