SharpHoundCommon
Add NTLMv1 flag on GPO
Similar to https://github.com/BloodHoundAD/SharpHound3/pull/47
If a GPO object forces LmCompatibilityLevel to be less than 3, then the computers it is applied to will use NTLMv1 when authenticating.
This information seems very useful from an attacking perspective, as authentication can be coerced and the NTLMv1 hash cracked or relayed without MIC.
(Also https://github.com/BloodHoundAD/SharpHound/pull/87 on SharpHound)
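An added example, not code from this pull request: a defender-side audit check that reads a GPO security template and reports whether it sets LmCompatibilityLevel below 3. It assumes the setting is stored in the GPO's GptTmpl.inf under `[Registry Values]` as `...\Lsa\LmCompatibilityLevel=4,<level>`; the function names and the sample template are constructed for illustration.

```python
# Constructed example: audit a GPO security template for a weak LAN Manager level.
LSA_VALUE = r"machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel"
REG_DWORD = "4"  # type prefix GptTmpl.inf uses for REG_DWORD data

def decode_inf(raw: bytes) -> str:
    """GptTmpl.inf is normally UTF-16 with a BOM; fall back to UTF-8."""
    if raw.startswith((b"\xff\xfe", b"\xfe\xff")):
        return raw.decode("utf-16")
    return raw.decode("utf-8-sig", errors="replace")

def lm_compat_level(raw: bytes):
    """Return the LmCompatibilityLevel the template sets, or None if unset."""
    section = None
    for line in decode_inf(raw).splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "registry values" or "=" not in line:
            continue
        name, _, data = line.partition("=")
        if name.strip().strip('"').lower() != LSA_VALUE:
            continue
        parts = [p.strip() for p in data.split(",")]
        # Expect "<type>,<value>"; ignore malformed or non-DWORD entries.
        if len(parts) == 2 and parts[0] == REG_DWORD and parts[1].isdigit():
            return int(parts[1])
    return None

def forces_ntlmv1(raw: bytes) -> bool:
    """True when the GPO pins clients to a level that still sends NTLMv1 (< 3)."""
    level = lm_compat_level(raw)
    return level is not None and level < 3

# Constructed sample template (not taken from a real GPO).
SAMPLE_WEAK = (
    "[Unicode]\r\nUnicode=yes\r\n"
    "[Version]\r\nsignature=\"$CHICAGO$\"\r\nRevision=1\r\n"
    "[Registry Values]\r\n"
    "MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\LmCompatibilityLevel=4,2\r\n"
).encode("utf-16")

if __name__ == "__main__":
    print("level:", lm_compat_level(SAMPLE_WEAK), "ntlmv1:", forces_ntlmv1(SAMPLE_WEAK))
```

A GPO that does not set the value returns `None` rather than being reported as weak, since the effective level then comes from another policy or the operating system default.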
The implementation seems fine, but I'm sort of debating if it makes more sense to just merge this in with the existing GPO object processor stuff. @definitelynotagoblin @ddlees do either of you have any feelings on this? It is doing a bit more than our normal object processor does, but generally our processors are loosely linked to a particular collection method, so I think this would probably fit in ObjectProps instead.