testing

packages/cue/bh/ad/ad.cue

@@ -1293,9 +1293,10 @@ SyncedToEntraUser: types.#Kind & {
 	schema: "active_directory"
 }
 
-ALL_AD_ATTACKS: types.#Kind & {
-	symbol: "ALL_AD_ATTACKS"
+AllADAttacks: types.#Kind & {
+	symbol: "AllADAttacks"
 	schema: "active_directory"
+	representation: "ALL_AD_ATTACKS"
 }
 
 // Relationship Kinds
@@ -1369,7 +1370,7 @@ RelationshipKinds: [
 	ADCSESC10b,
 	ADCSESC13,
 	SyncedToEntraUser,
-	ALL_AD_ATTACKS
+	AllADAttacks
 ]
 
 // ACL Relationships

packages/cue/bh/azure/azure.cue

@@ -723,6 +723,12 @@ SyncedToADUser: types.#Kind & {
 	representation:	"SyncedToADUser"
 }
 
+AllAZAttacks: types.#Kind & {
+	symbol: "AllAZAttacks"
+	schema: "azure"
+	representation: "ALL_AZ_ATTACKS"
+}
+
 RelationshipKinds: [
 	AvereContributor,
 	Contains,
@@ -771,6 +777,7 @@ RelationshipKinds: [
 	AZMGGrantAppRoles,
 	AZMGGrantRole,
 	SyncedToADUser,
+	AllAZAttacks
 ]
 
 AppRoleTransitRelationshipKinds: [

packages/go/cypher/models/cypher/format/format.go

@@ -24,6 +24,7 @@ import (
 
 	"github.com/specterops/bloodhound/cypher/models/cypher"
 	"github.com/specterops/bloodhound/graphschema/ad"
+	"github.com/specterops/bloodhound/graphschema/azure"
 
 	"github.com/specterops/bloodhound/dawgs/graph"
 )
@@ -38,18 +39,14 @@ func writeJoinedKinds(output io.Writer, delimiter string, kinds graph.Kinds) err
 			}
 		}
 
-		// expand token to all pathfinding relationships in AD
+		// if kind is a shortcut edge type, further expansion is required
 		if kind == ad.AllADAttacks {
-			for idx, relType := range ad.PathfindingRelationships() {
-				if idx > 0 {
-					if _, err := io.WriteString(output, delimiter); err != nil {
-						return err
-					}
-				}
-
-				if _, err := io.WriteString(output, relType.String()); err != nil {
-					return err
-				}
+			if err := writeJoinedKinds(output, delimiter, ad.PathfindingRelationships()); err != nil {
+				return err
+			}
+		} else if kind == azure.AllAZAttacks {
+			if err := writeJoinedKinds(output, delimiter, azure.PathfindingRelationships()); err != nil {
+				return err
 			}
 		} else {
 			if _, err := io.WriteString(output, kind.String()); err != nil {

packages/go/cypher/test/cases/positive_tests.json

@@ -1,10 +1,11 @@
 {
     "test_cases": [
         {
-            "name": "brandon testing",
+            "name": "ALL_AD_ATTACKS shortcut",
             "type": "string_match",
             "details": {
-                "query": "match p = (a)-[:CanRDP|ALL_AD_ATTACKS]->(b) return p",
+                "query": "match p = ()-[:ALL_AD_ATTACKS]->() return p",
+                "matcher": "match p = \\(\\)-\\[:Owns|GenericAll|GenericWrite|WriteOwner|WriteDacl|MemberOf|ForceChangePassword|AllExtendedRights|AddMember|HasSession|Contains|GPLink|AllowedToDelegate|TrustedBy|AllowedToAct|AdminTo|CanPSRemote|CanRDP|ExecuteDCOM|HasSIDHistory|AddSelf|DCSync|ReadLAPSPassword|ReadGMSAPassword|DumpSMSAPassword|SQLAdmin|AddAllowedToAct|WriteSPN|AddKeyCredentialLink|SyncLAPSPassword|WriteAccountRestrictions|WriteGPLink|GoldenCert|ADCSESC1|ADCSESC3|ADCSESC4|ADCSESC5|ADCSESC6a|ADCSESC6b|ADCSESC7|ADCSESC9a|ADCSESC9b|ADCSESC10a|ADCSESC10b|ADCSESC13|DCFor|SyncedToEntraUser\\]->\\(\\) return p",
                 "complexity": 3
             },
             "targeted": true

packages/javascript/bh-shared-ui/src/commonSearches.tsx

@@ -14,13 +14,13 @@
 //
 // SPDX-License-Identifier: Apache-2.0
 
-import { ActiveDirectoryPathfindingEdges, AzurePathfindingEdges } from './graphSchema';
+import { ActiveDirectoryRelationshipKind, AzureRelationshipKind } from './graphSchema';
 
 const categoryAD = 'Active Directory';
 const categoryAzure = 'Azure';
 
-const azureTransitEdgeTypes = AzurePathfindingEdges().join('|');
-const adTransitEdgeTypes = ActiveDirectoryPathfindingEdges().join('|');
+const adTransitEdgeTypes = ActiveDirectoryRelationshipKind.AllADAttacks;
+const azureTransitEdgeTypes = AzureRelationshipKind.AllAZAttacks;
 
 const highPrivilegedRoleDisplayNameRegex =
     'Global Administrator.*|User Administrator.*|Cloud Application Administrator.*|Authentication Policy Administrator.*|Exchange Administrator.*|Helpdesk Administrator.*|Privileged Authentication Administrator.*';

packages/javascript/bh-shared-ui/src/graphSchema.ts

@@ -140,7 +140,7 @@ export enum ActiveDirectoryRelationshipKind {
     ADCSESC10b = 'ADCSESC10b',
     ADCSESC13 = 'ADCSESC13',
     SyncedToEntraUser = 'SyncedToEntraUser',
-    ALL_AD_ATTACKS = 'ALL_AD_ATTACKS',
+    AllADAttacks = 'ALL_AD_ATTACKS',
 }
 export function ActiveDirectoryRelationshipKindToDisplay(value: ActiveDirectoryRelationshipKind): string | undefined {
     switch (value) {
@@ -282,8 +282,8 @@ export function ActiveDirectoryRelationshipKindToDisplay(value: ActiveDirectoryR
             return 'ADCSESC13';
         case ActiveDirectoryRelationshipKind.SyncedToEntraUser:
             return 'SyncedToEntraUser';
-        case ActiveDirectoryRelationshipKind.ALL_AD_ATTACKS:
-            return 'ALL_AD_ATTACKS';
+        case ActiveDirectoryRelationshipKind.AllADAttacks:
+            return 'AllADAttacks';
         default:
             return undefined;
     }
@@ -780,6 +780,7 @@ export enum AzureRelationshipKind {
     AZMGGrantAppRoles = 'AZMGGrantAppRoles',
     AZMGGrantRole = 'AZMGGrantRole',
     SyncedToADUser = 'SyncedToADUser',
+    AllAZAttacks = 'ALL_AZ_ATTACKS',
 }
 export function AzureRelationshipKindToDisplay(value: AzureRelationshipKind): string | undefined {
     switch (value) {
@@ -877,6 +878,8 @@ export function AzureRelationshipKindToDisplay(value: AzureRelationshipKind): st
             return 'AZMGGrantRole';
         case AzureRelationshipKind.SyncedToADUser:
             return 'SyncedToADUser';
+        case AzureRelationshipKind.AllAZAttacks:
+            return 'AllAZAttacks';
         default:
             return undefined;
     }