Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Modified BH customqueries to find T0 assets #385

Merged
merged 1 commit into from
Sep 28, 2024
Merged

Modified BH customqueries to find T0 assets #385

merged 1 commit into from
Sep 28, 2024

Conversation

Dreyvor
Copy link
Contributor

@Dreyvor Dreyvor commented Sep 11, 2024

Description

  • Updating 2 Bloodhound custom queries used to find Tier 0 objects in the AD to search in a broader way.
  • Adding a new Bloodhound custom query to find enabled Tier 0 computers based on their Service Principal Names (SPNs). Useful when you are looking for backup servers located in the domain which have random computer names and/or descriptions.

Related issues

I forgot to sign the commits in my previous PR #384...

Point of attention

The words used in the new query which parses SPNs could be tailored more accurately. I do not have enough Bloodhound data for now to offer a more accurate filter. Feel free to change it with your own list during your internal assessments.

ShutdownRepo
ShutdownRepo approved these changes Sep 19, 2024
View reviewed changes
Copy link
Member

@ShutdownRepo ShutdownRepo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for the pull request! Will merge soon
As for the wording, fine by me. If you find any more, don't hesitate to create a new PR! We'll add keywords of our own if we think of some.

@ShutdownRepo ShutdownRepo added enhancement New feature or request ready for merge in the waitlist for merge, requires preliminary steps labels Sep 19, 2024
@ShutdownRepo ShutdownRepo merged commit 5dd2693 into ThePorgs:dev Sep 28, 2024
@QU35T-code QU35T-code mentioned this pull request Oct 18, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ShutdownRepo ShutdownRepo ShutdownRepo approved these changes

Assignees
No one assigned
Labels
enhancement New feature or request ready for merge in the waitlist for merge, requires preliminary steps
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Dreyvor @ShutdownRepo