You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This commit was created on GitHub.com and signed with GitHub’s verified signature.
Release Notes
Certificate template checks now allow domain computers to trigger regardless of whether msds-machineaccountquota is set, delivering more comprehensive coverage of certificate authentication configurations across varied domain setups
Enhanced P-AdminLogin check to include password reset logic, improving detection and reporting of admin accounts with outdated or concerning password patterns
Added MFA status column to Entra ID reporting
Restored honeypot exclusion functionality
Corrected a typo in the LDAP filter affecting BuiltinDomain detection
Updated documentation links to the external STIG viewer resource which were pointing to invalid URLs
Fixed detection for MS17-010 (EternalBlue) vulnerability on domain controllers which was previously being reported incorrectly
Enhanced the PWDNeverExpires check to properly evaluate accounts that have had their password changed recently, reducing false positives
Clarified delegation reporting in computer analysis to reduce confusion around constrained and unconstrained delegation results
Optimized knowledge base scanning performance during compute risks evaluation
Fixed S-AesNotEnabled scoring issues
Disabled accounts are now excluded from the risk count as they cannot be AS-REP Roasted
Updated information and guidance based on the Microsoft RC4 phase-out
Fixed configuration file parsing so that settings in appsettings.console.json are correctly loaded at runtime
Fixed a string mismatch in the exclusion logic that was preventing BUILTIN\Users from being correctly excluded from the A-MembershipEveryone risk assessment
Rewrote the auto-updater mechanism after versions 3.5.0.37+ were found to corrupt configuration files on affected servers
