API Reference

Class

KerberosEncryptionTypeClassifier

Edit on GitHub

Namespace ADPlayground.Kerberos

Assembly ADPlayground

Source ADPlayground/Kerberos/KerberosEncryptionTypeClassifier.cs:32

Modifiers static

Classifies Kerberos encryption posture from msDS-SupportedEncryptionTypes.

Inheritance

Object
KerberosEncryptionTypeClassifier

Methods

AllowsRc4 2 overloads

public static Boolean AllowsRc4(Nullable<Int32> encryptionTypes) #

ADPlayground/Kerberos/KerberosEncryptionTypeClassifier.cs:71

Returns: Boolean

Returns true when the effective encryption mask allows RC4.

Parameters

encryptionTypes System.Nullable{System.Int32} requiredposition: 0: Raw msDS-SupportedEncryptionTypes value.

public static Boolean AllowsRc4(Nullable<Int32> encryptionTypes, Nullable<Int32> defaultDomainSupportedEncTypes) #

ADPlayground/Kerberos/KerberosEncryptionTypeClassifier.cs:81

Returns: Boolean

Returns true when the effective encryption mask allows RC4.

Parameters

encryptionTypes System.Nullable{System.Int32} requiredposition: 0: Raw msDS-SupportedEncryptionTypes value.
defaultDomainSupportedEncTypes System.Nullable{System.Int32} requiredposition: 1: KDC DefaultDomainSupportedEncTypes fallback for unset account masks.

HasAes 2 overloads

public static Boolean HasAes(Nullable<Int32> encryptionTypes) #

ADPlayground/Kerberos/KerberosEncryptionTypeClassifier.cs:32

Returns: Boolean

Returns true when the effective encryption mask contains AES128 or AES256.

Parameters

encryptionTypes System.Nullable{System.Int32} requiredposition: 0: Raw msDS-SupportedEncryptionTypes value.

public static Boolean HasAes(Nullable<Int32> encryptionTypes, Nullable<Int32> defaultDomainSupportedEncTypes) #

ADPlayground/Kerberos/KerberosEncryptionTypeClassifier.cs:42

Returns: Boolean

Returns true when the effective encryption mask contains AES128 or AES256.

Parameters

encryptionTypes System.Nullable{System.Int32} requiredposition: 0: Raw msDS-SupportedEncryptionTypes value.
defaultDomainSupportedEncTypes System.Nullable{System.Int32} requiredposition: 1: KDC DefaultDomainSupportedEncTypes fallback for unset account masks.

IsAesDisabled 2 overloads

public static Boolean IsAesDisabled(Nullable<Int32> encryptionTypes) #

ADPlayground/Kerberos/KerberosEncryptionTypeClassifier.cs:52

Returns: Boolean

Returns true when AES is not enabled in the effective encryption mask.

Parameters

encryptionTypes System.Nullable{System.Int32} requiredposition: 0: Raw msDS-SupportedEncryptionTypes value.

public static Boolean IsAesDisabled(Nullable<Int32> encryptionTypes, Nullable<Int32> defaultDomainSupportedEncTypes) #

ADPlayground/Kerberos/KerberosEncryptionTypeClassifier.cs:62

Returns: Boolean

Returns true when the effective encryption mask lacks AES128 and AES256.

Parameters

encryptionTypes System.Nullable{System.Int32} requiredposition: 0: Raw msDS-SupportedEncryptionTypes value.
defaultDomainSupportedEncTypes System.Nullable{System.Int32} requiredposition: 1: KDC DefaultDomainSupportedEncTypes fallback for unset account masks.

public static Boolean IsMissing(Nullable<Int32> encryptionTypes) #

ADPlayground/Kerberos/KerberosEncryptionTypeClassifier.cs:113

Returns: Boolean

Returns true when the attribute is missing, empty, or explicitly set to the default marker value.

Parameters

encryptionTypes System.Nullable{System.Int32} requiredposition: 0: Raw msDS-SupportedEncryptionTypes value.

IsRc4Only 2 overloads

public static Boolean IsRc4Only(Nullable<Int32> encryptionTypes) #

ADPlayground/Kerberos/KerberosEncryptionTypeClassifier.cs:91

Returns: Boolean

Returns true when the effective mask allows RC4 but not AES.

Parameters

encryptionTypes System.Nullable{System.Int32} requiredposition: 0: Raw msDS-SupportedEncryptionTypes value.

public static Boolean IsRc4Only(Nullable<Int32> encryptionTypes, Nullable<Int32> defaultDomainSupportedEncTypes) #

ADPlayground/Kerberos/KerberosEncryptionTypeClassifier.cs:101

Returns: Boolean

Returns true when the effective mask allows RC4 but not AES.

Parameters

encryptionTypes System.Nullable{System.Int32} requiredposition: 0: Raw msDS-SupportedEncryptionTypes value.
defaultDomainSupportedEncTypes System.Nullable{System.Int32} requiredposition: 1: KDC DefaultDomainSupportedEncTypes fallback for unset account masks.

Inherited Methods

Fields

public const Int32 DesCbcCrc #

DES-CBC-CRC bit.

Value: 1

public const Int32 DesCbcMd5 #

DES-CBC-MD5 bit.

Value: 2

public const Int32 Rc4Hmac #

RC4-HMAC bit.

Value: 4

public const Int32 Aes128 #

AES128-CTS-HMAC-SHA1-96 bit.

Value: 8

public const Int32 Aes256 #

AES256-CTS-HMAC-SHA1-96 bit.

Value: 16

public const Int32 AesMask #

Combined AES encryption mask.

Value: 24