Clément Notin

Results 38 issues of Clément Notin

From: https://github.com/wallarm/jwt-secrets/blob/master/jwt.secrets.list By @d0znpp / @wallarm If the license is compatible of course :)

enhancement
help wanted

What do you think of the following before I continue working on it and propose a clean PR? Creating computer accounts is allowed by default with a global parameter, and...

enhancement
research

BH v3 no longer automatically computes some costly queries such as "transitive object control". The user has to click on the play button to trigger the computation. It works...

enhancement

Several well-known SIDs are converted to `MappedPrincipal` objects, see: https://github.com/BloodHoundAD/SharpHound/blob/9d71fb7e3033a7da07cf2ba6daaebd11c09bbd7b/Sharphound2/Enumeration/MappedPrincipal.cs This is nice as it allows performing queries using common names, like "Anonymous", without caring about the local AD...

Situation: I'm doing a `ComputerOnly` collection which includes `Session` collection. Therefore, I expect to get a `..._sessions.json` file in the output zip. Observed: the "sessions" file is missing. The reason...

Currently PingCastle shows in the report data about the object itself, but we have to fetch the unusual primary group ID and name ourselves. It would be easier to have...

Similar to d73a7f3442fe387734871e4cf6f66bc9d84f1407 I didn't test it so I recommend doing it if you have the environment to!

This templating engine usually found in ASP.NET can be exploited too. There are a few pointers in [an article](https://clement.notin.org/blog/2020/04/15/Server-Side-Template-Injection-(SSTI)-in-ASP.NET-Razor/) I wrote. Unfortunately I did not have the time yet to...

enhancement

Same as https://github.com/EmpireProject/Empire/commit/2523f84f0f0b30030d75c7e95927c20bd68b95e6

RPC reply bodies can be either MSG_ACCEPTED or MSG_DENIED: https://www.rfc-editor.org/rfc/rfc1831.html#page-11 MSG_ACCEPTED are 24 bytes long (6 fields of 4 bytes): ![image](https://user-images.githubusercontent.com/550823/65790597-48713700-e160-11e9-975a-3505a053fb76.png) This is correctly handled by current code. MSG_DENIED however...