vletoux
commented
4 months ago Same remark for the score modification.
I fixed the spelling mistake as suggestion, adjusted the SMB rule as suggested. And added all links except the MS KB related to ADCS (the rule is about SMB and the link does not talk about it) You should see the changes in the next update
Also your commit was not clean, as it also included changes from the other PR (such as the certipy reference that I already explained in my other comment)
Thanks for your suggestions and the time you spend for doing this
The zero points score of missing SMB signing seems to come from the time before the development of all the coercion + relaying attacks. By now there are many attacks, where the requirement of SMB signing is one of the mitigation, or the only one.