BloodHound icon indicating copy to clipboard operation
BloodHound copied to clipboard
verified publisher icon SpecterOps

Feature: Support for WMI Filter objects

Open Signum21 opened this issue 9 months ago • 0 comments

Feature Description

WMI Filters are AD objects with class msWMI-Som that can be applied to GPOs. By modifying the filter, specific AD objects such as computers can be excluded from the GPO.

Are you intending to implement this feature?

No

Current Behavior

SharpHound and BloodHound do not collect or show this information.

Desired Behavior

A new node should be created for the WMI Filter objects and a new Edge to link the GPOs with the filters. Also a new edge to specify write rights over the filter.

Use Case

This can be useful, for example, to exempt a device from a security-restricting policy.

Additional Information

More information: https://rastamouse.me/ous-and-gpos-and-wmi-filters-oh-my/

Signum21 avatar Mar 23 '25 22:03 Signum21