SharpHoundCommon
Extraction of password policies and some registry values from the GptTmpl file
With this PR, the GptTmpl.inf file is parsed more in depth, to extract:
- MinimumPasswordAge
- MaximumPasswordAge
- MinimumPasswordLength
- PasswordComplexity
- PasswordHistorySize
- ClearTextPassword
- RequiresServerSMBSigning
- EnablesServerSMBSigning
- RequiresClientSMBSigning
- EnablesClientSMBSigning
- RequiresLDAPClientSigning
- LmCompatibilityLevel

If a key is not found, the field is left empty. This extension is triggered with the collection method GPOLocalGroup and the changes are visible in the domains.json and the ous.json files.
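The extraction described above, as an added Python example for auditing a GPO's GptTmpl.inf; it is not code from this PR or from SharpHoundCommon. Assumptions: the registry paths mapped to the PR's field names follow the standard Windows security template layout, the sample file is constructed, and `parse_gpttmpl` and `weak_settings` are hypothetical names.

```python
# Added example, not SharpHoundCommon code. Field names are the PR's; the
# registry paths they map to are assumptions (standard security template layout).
SYSTEM_ACCESS = {"MinimumPasswordAge", "MaximumPasswordAge", "MinimumPasswordLength",
                 "PasswordComplexity", "PasswordHistorySize", "ClearTextPassword"}
SVC = r"machine\system\currentcontrolset\services" + "\\"
REGISTRY = {  # lower-cased registry path -> field name used in the PR
    SVC + r"lanmanserver\parameters\requiresecuritysignature": "RequiresServerSMBSigning",
    SVC + r"lanmanserver\parameters\enablesecuritysignature": "EnablesServerSMBSigning",
    SVC + r"lanmanworkstation\parameters\requiresecuritysignature": "RequiresClientSMBSigning",
    SVC + r"lanmanworkstation\parameters\enablesecuritysignature": "EnablesClientSMBSigning",
    SVC + r"ldap\ldapclientintegrity": "RequiresLDAPClientSigning",
    r"machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel": "LmCompatibilityLevel",
}
# Constructed sample. On SYSVOL the file is normally UTF-16: decode it before parsing.
SAMPLE = r"""[System Access]
MinimumPasswordLength = 7
PasswordComplexity = 0
ClearTextPassword = 0
[Registry Values]
MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters\RequireSecuritySignature=4,0
MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters\EnableSecuritySignature=4,1
MACHINE\System\CurrentControlSet\Control\Lsa\LmCompatibilityLevel=4,2
"""

def parse_gpttmpl(text):
    """Return every field from the PR's list; keys absent from the file stay None."""
    out = dict.fromkeys([*sorted(SYSTEM_ACCESS), *REGISTRY.values()])
    section = ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, _, value = (part.strip() for part in line.partition("="))
        try:
            if section == "system access" and key in SYSTEM_ACCESS:
                out[key] = int(value)
            elif section == "registry values" and key.lower() in REGISTRY:
                reg_type, _, data = value.partition(",")  # "<type>,<data>", 4 = REG_DWORD
                if reg_type.strip() == "4":
                    out[REGISTRY[key.lower()]] = int(data)
        except ValueError:
            continue  # malformed number: leave the field empty
    return out

def weak_settings(policy):
    """Names of set fields a reviewer would question; None (not set here) is skipped."""
    checks = {"ClearTextPassword": lambda v: v == 1, "PasswordComplexity": lambda v: v == 0,
              "RequiresServerSMBSigning": lambda v: v == 0, "RequiresClientSMBSigning": lambda v: v == 0,
              "LmCompatibilityLevel": lambda v: v < 3}  # below 3: LM/NTLMv1 responses still sent
    return sorted(k for k, bad in checks.items() if policy[k] is not None and bad(policy[k]))
```

A field that stays `None` only means this GPO does not set it; the effective value depends on the other GPOs linked to the domain or OU.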
CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅
I have read the CLA Document and I hereby sign the CLA
This is pretty cool, we've been talking about pulling more info out of GPOs for a while. Will take a look and discuss internally
The extraction of the following lockout policies has been added:
- LockoutDuration
- LockoutBadCount
- ResetLockoutCount
- ForceLogoffWhenHourExpire
Also, some GPO precedences have been added to visualize the really applied GPO rules:
- link order (already existing)
- domain rules applied before the OU ones (already existing)
- blockInheritance
- enforced
- nested OU
Indeed, this PR is related to the BloodHoundAD/BloodHound#672 one, where the main part of the precedences is managed.
The PR has been updated once more to add the extraction of:
- CachedLogonsCount
- LDAPEnforceChannelBinding
Moreover, the ingestion and the visualization have been implemented in a new PR for the new BloodHound version.
Hello, please see my comment here: https://github.com/SpecterOps/BloodHound/pull/178#issuecomment-1969184434