private static int GetCountFromSize(FakeHealthCheckDataGeneratorDomainModel model)
{
int upperBound, lowerBound;
switch (model.Size)
{
case DomainSizeModel.Large:
lowerBound = 10000;
upperBound = 100000;
break;
case DomainSizeModel.Medium:
lowerBound = 1000;
upperBound = 10000;
break;
case DomainSizeModel.Small:
default:
lowerBound = 100;
upperBound = 1000;
break;
case DomainSizeModel.VerySmall:
lowerBound = 10;
upperBound = 100;
break;
}
return(rnd.Next(lowerBound, upperBound));
}
private void GenerateUserData(FakeHealthCheckDataGeneratorDomainModel model, HealthcheckData healthcheckData)
{
healthcheckData.UserAccountData = new HealthcheckAccountData();
healthcheckData.AdminLastLoginDate = DateBetween2Dates(healthcheckData.DomainCreation, DateTime.Now);;
healthcheckData.AdminAccountName = "Administrator";
int size = GetCountFromSize(model);
for (int i = 0; i < size; i++)
{
ADItem x = new ADItem();
x.DistinguishedName = "CN=123";
// disabled
x.UserAccountControl += BoolOnChance(15) * 0x00000002;
//preauth
x.UserAccountControl += BoolOnChance(1) * 0x400000;
// locked
x.UserAccountControl += BoolOnChance(4) * 0x00000010;
// pwd never expires
x.UserAccountControl += BoolOnChance(10) * 0x00010000;
// pwd not required
x.UserAccountControl += BoolOnChance(2) * 0x00000020;
// trusted to authenticate
x.UserAccountControl += BoolOnChance(2) * 0x80000;
x.PrimaryGroupID = 515 + BoolOnChance(1);
new HealthcheckAnalyzer().ProcessAccountData(healthcheckData.UserAccountData, x, false);
}
healthcheckData.LoginScript = new List <HealthcheckLoginScriptData>();
}
private void GeneratePrivilegedData(FakeHealthCheckDataGeneratorDomainModel model, HealthcheckData healthcheckData)
{
healthcheckData.Delegations = new List <HealthcheckDelegationData>();
healthcheckData.ControlPaths = new CompromiseGraphData();
healthcheckData.ControlPaths.Data = new List <SingleCompromiseGraphData>();
healthcheckData.PrivilegedGroups = new List <HealthCheckGroupData>();
healthcheckData.AllPrivilegedMembers = new List <HealthCheckGroupMemberData>();
}
private static void GenerateGeneralData(FakeHealthCheckDataGeneratorDomainModel model, HealthcheckData healthcheckData)
{
string fqdn;
if (model.Forest == null)
{
fqdn = FQDNGenerator();
healthcheckData.ForestFQDN = fqdn;
}
else
{
fqdn = ChildGenerator() + "." + model.Forest.ForestFQDN;
healthcheckData.ForestFQDN = model.Forest.ForestFQDN;
}
healthcheckData.DomainFQDN = fqdn;
healthcheckData.DomainSid = GenerateRandomSid();
if (model.Forest != null)
{
healthcheckData.DomainCreation = DateBetween2Dates(model.Forest.DomainCreation, DateTime.Now);
healthcheckData.ForestFunctionalLevel = model.Forest.ForestFunctionalLevel;
}
else
{
healthcheckData.DomainCreation = DateTime.Now.AddYears(-5).AddDays(-1 * rnd.Next(10 * 365));
healthcheckData.ForestFunctionalLevel = rnd.Next(0, 8);
}
// adding the domain Netbios name
healthcheckData.NetBIOSName = healthcheckData.DomainFQDN.Split('.')[0];
healthcheckData.DomainFunctionalLevel = rnd.Next(healthcheckData.ForestFunctionalLevel, 8);
healthcheckData.SchemaVersion = SchemaVersion(healthcheckData.ForestFunctionalLevel);
healthcheckData.SchemaInternalVersion = 1;
healthcheckData.SchemaLastChanged = DateBetween2Dates(healthcheckData.DomainCreation, DateTime.Now);
healthcheckData.GenerationDate = DateTime.Now;
healthcheckData.IsRecycleBinEnabled = true;
Version version = Assembly.GetExecutingAssembly().GetName().Version;
healthcheckData.EngineVersion = version.ToString(4);
healthcheckData.Level = PingCastleReportDataExportLevel.Full;
}
private void GenerateGPOData(FakeHealthCheckDataGeneratorDomainModel model, HealthcheckData healthcheckData)
{
healthcheckData.GPPPassword = new List <GPPPassword>();
healthcheckData.GPPRightAssignment = new List <GPPRightAssignment>();
healthcheckData.GPPLoginAllowedOrDeny = new List <GPPRightAssignment>();
healthcheckData.GPPPasswordPolicy = new List <GPPSecurityPolicy>();
healthcheckData.GPOLsaPolicy = new List <GPPSecurityPolicy>();
healthcheckData.GPOScreenSaverPolicy = new List <GPPSecurityPolicy>();
healthcheckData.TrustedCertificates = new List <HealthcheckCertificateData>();
healthcheckData.GPOLoginScript = new List <HealthcheckGPOLoginScriptData>();
healthcheckData.GPOLocalMembership = new List <GPOMembership>();
healthcheckData.GPOEventForwarding = new List <GPOEventForwardingInfo>();
healthcheckData.GPODelegation = new List <GPODelegationData>();
healthcheckData.GPPFileDeployed = new List <GPPFileDeployed>();
healthcheckData.GPOAuditSimple = new List <GPOAuditSimpleData>();
healthcheckData.GPOAuditAdvanced = new List <GPOAuditAdvancedData>();
}
private void GenerateComputerData(FakeHealthCheckDataGeneratorDomainModel model, HealthcheckData healthcheckData)
{
healthcheckData.OperatingSystem = new List <HealthcheckOSData>();
healthcheckData.OperatingSystemVersion = new List <HealthcheckOSVersionData>();
healthcheckData.ComputerAccountData = new HealthcheckAccountData();
int size = GetCountFromSize(model);
for (int i = 0; i < size; i++)
{
ADItem x = new ADItem();
x.DistinguishedName = "CN=123";
// disabled
x.UserAccountControl += BoolOnChance(15) * 0x00000002;
//preauth
x.UserAccountControl += BoolOnChance(1) * 0x400000;
// locked
x.UserAccountControl += BoolOnChance(4) * 0x00000010;
// pwd never expires
x.UserAccountControl += BoolOnChance(10) * 0x00010000;
// pwd not required
x.UserAccountControl += BoolOnChance(2) * 0x00000020;
// trusted to authenticate
x.UserAccountControl += BoolOnChance(2) * 0x80000;
x.PrimaryGroupID = 515 + BoolOnChance(1);
HealthcheckAnalyzer.ProcessAccountData(healthcheckData.ComputerAccountData, x, true);
}
healthcheckData.LoginScript = new List <HealthcheckLoginScriptData>();
healthcheckData.DomainControllers = new List <HealthcheckDomainController>();
size = (int)Math.Exp(Math.Log10(size) / 2);
if (size < 1)
{
size = 1;
}
for (int i = 0; i < size; i++)
{
HealthcheckDomainController dc = new HealthcheckDomainController();
dc.DCName = "DC" + i;
dc.CreationDate = DateBetween2Dates(healthcheckData.DomainCreation, DateTime.Now);
// last logon timestam can have a delta of 14 days
dc.LastComputerLogonDate = DateTime.Now.AddDays(-1 * rnd.Next(180));
dc.DistinguishedName = "DC=DC";
dc.OperatingSystem = "Windows 2019";
healthcheckData.DomainControllers.Add(dc);
}
}
public HealthcheckData GenerateSingleReport(FakeHealthCheckDataGeneratorDomainModel model)
{
var healthcheckData = new HealthcheckData();
Trace.WriteLine("Gathering general data");
GenerateGeneralData(model, healthcheckData);
Trace.WriteLine("Gathering user data");
GenerateUserData(model, healthcheckData);
Trace.WriteLine("Gathering computer data");
GenerateComputerData(model, healthcheckData);
Trace.WriteLine("Gathering trust data");
GenerateTrust(model, healthcheckData);
Trace.WriteLine("Gathering privileged group and permissions data");
GeneratePrivilegedData(model, healthcheckData);
Trace.WriteLine("Gathering delegation data");
GenerateDelegation(model, healthcheckData);
Trace.WriteLine("Gathering gpo data");
GenerateGPOData(model, healthcheckData);
Trace.WriteLine("Gathering anomaly data");
GenerateAnomalyData(model, healthcheckData);
Trace.WriteLine("Gathering domain controller data");
Trace.WriteLine("Gathering network data");
GenerateNetworkData(model, healthcheckData);
Trace.WriteLine("Computing risks");
var rules = new RuleSet <HealthcheckData>();
healthcheckData.RiskRules = new List <HealthcheckRiskRule>();
foreach (var rule in rules.ComputeRiskRules(healthcheckData))
{
HealthcheckRiskRule risk = new HealthcheckRiskRule();
risk.Points = rule.Points;
risk.Category = rule.Category;
risk.Model = rule.Model;
risk.RiskId = rule.RiskId;
risk.Rationale = rule.Rationale;
risk.Details = rule.Details;
healthcheckData.RiskRules.Add(risk);
}
Trace.WriteLine("Done");
return(healthcheckData);
}
private void GenerateAnomalyData(FakeHealthCheckDataGeneratorDomainModel model, HealthcheckData healthcheckData)
{
healthcheckData.SmartCardNotOK = new List <HealthcheckAccountDetailData>();
}
private void GenerateDelegation(FakeHealthCheckDataGeneratorDomainModel model, HealthcheckData healthcheckData)
{
healthcheckData.Delegations = new List <HealthcheckDelegationData>();
}
private void GenerateNetworkData(FakeHealthCheckDataGeneratorDomainModel model, HealthcheckData healthcheckData)
{
healthcheckData.Sites = new List <HealthcheckSite>();
}
private void GenerateTrust(FakeHealthCheckDataGeneratorDomainModel model, HealthcheckData healthcheckData)
{
healthcheckData.Trusts = new List <HealthCheckTrustData>();
}
