BloodHoundAD / BloodHound

Six Degrees of Domain Admin
GNU General Public License v3.0

Update PrebuiltQueries.json #670

Closed LuemmelSec closed 11 months ago

LuemmelSec commented 1 year ago

As the built-in queries had no entries for Azure related stuff, I implemented some that I recently used when walking myself through several attack paths in Azure environments.

They have all been sorted into according categories for a better overview.


Feel free to select the ones that make sense to you guys or seem to be useful.

Already revisited the stuff from @haus3c, deleted stuff that was not useful, and optimized certain queries or made them work. I will add to the branch as I am proceeding, so queries will fill up over time until the merge (if ^^).

LuemmelSec commented 1 year ago

New layout, renaming and reorganization.

JonasBK commented 11 months ago

Hey Dan,

I just wanted to give you a big shoutout for the incredible work you've done on these queries! Seriously, it's impressive, and we're really grateful for your efforts :)

We've been going through your PR and checking out your latest blog posts, and it's become clear that BloodHound doesn't have a great way of displaying certain information from the database, which could be super useful for the users. Some of the queries you've suggested are giving us results that don't quite hit the mark when it comes to graph representation. Take, for example, the "Return all Azure Subscriptions" query. The graph output ends up being just a bunch of disconnected subscription nodes, which isn't all that helpful. But we get it, users want to be able to browse through all subscriptions. It's just that the graph view with disconnected nodes isn't very useful. What would really be awesome is if we could present users with a list or table that shows all the subscriptions and the relevant node.

Another query worth mentioning is the "Find all Paths to Azure VMs." We totally get the value of showing all the principals that can control any VM, but the graph output isn't the best way to handle it, especially in larger environments. It would be way more practical to have a table that lists the principal name, edge name, and VM name. Some of the existing queries would also benefit from a table view.

For now, we're planning to implement only a subset of the queries you've suggested until we can figure out a way to return the results in a table view. Hope that makes sense.

I've attached a list of the queries we think would make sense to tackle right now, based on your PR. Let me know if you want to update your PR or have any other thoughts. Azure queries result.txt

Thanks a ton for your awesome work!

Cheers, Jonas
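
The graph-versus-table distinction Jonas describes above, as an added Cypher example that is not part of the PR or of BloodHound's own PrebuiltQueries.json. It assumes BloodHound's Azure node labels AZVM and AZSubscription, the AZContains containment edge, and a `name` property on nodes; each statement is meant to be run on its own in the Neo4j browser, where a query that returns scalar columns renders as a table rather than a graph.

```cypher
// Graph form, as a prebuilt query would phrase it: every one-hop relationship
// ending at an Azure VM. The BloodHound GUI draws this as a tangle of nodes
// and is hard to read once an environment has many VMs.
MATCH p = (n)-[r]->(vm:AZVM)
RETURN p;

// Table form, as suggested in the review: one row per principal / edge / VM.
// Returning scalar columns instead of a path makes the Neo4j browser show a
// table, which is what a reviewer of VM control rights actually wants to read.
// Containment edges are excluded so that resource groups and subscriptions do
// not show up as "principals" (assumption: AZContains is the containment edge).
MATCH (n)-[r]->(vm:AZVM)
WHERE type(r) <> 'AZContains'
RETURN n.name AS principal, type(r) AS edge, vm.name AS vm
ORDER BY vm, principal;

// "Return all Azure Subscriptions" in table form: instead of a field of
// disconnected subscription nodes, list each subscription together with a
// relevant figure, here the number of VMs it (transitively) contains.
// Assumption: subscriptions reach VMs through one or more AZContains hops.
MATCH (s:AZSubscription)
OPTIONAL MATCH (s)-[:AZContains*]->(vm:AZVM)
RETURN s.name AS subscription, count(DISTINCT vm) AS vm_count
ORDER BY vm_count DESC, subscription;
```

The second and third statements are the shape a table-capable prebuilt query would take: the match clause stays the same as in the graph version, only the RETURN changes from the path variable to named columns.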

LuemmelSec commented 11 months ago

Hey Jonas, thanks for your feedback. I think I have to thank you guys more than you owe me, because I only add to what you guys have done.

That being said, I do not see this as my intellectual property or whatever. Feel free to implement whatever you think makes sense and fits the tool, just copy pasta; I don't care if you merge or not.

I get your point with the table view for certain queries. I just did those for ME. If someone else finds these useful or garbage or whatever, that is totally fine with me. I see it more like sharing is caring, hence I also host all of them in a separate repo where everyone is free to fetch whatever fits them.

I think that for table views users are free to use the Neo4j console, at least this is how I do it.

Let me know if you really "need" another PR or adjustments to it, or if you can just merge them. I am no GitHub guy, but I could imagine that you can only partly merge the PR?

Thank you mate and have a good one.

JonasBK commented 11 months ago

Hey Dan,

I really appreciate your perspective on this matter. It's awesome to see your dedication to sharing and collaborating. Rest assured, we value your contributions immensely, and we believe they add significant value to the tool.

Based on your response, I will add a commit with the changes to your PR and accept it. This way, you can retain authorship of the commits and you don't have to spend additional time on these modifications.

I think it's great that you have a separate repository where all the queries are hosted. As you say, users can use them in the Neo4j browser if they want to.

Thank you once again for your work and your understanding. Have a fantastic day! :)