I have a situation that sharphound does collect data very slowly (~0.25 objects per second) and then once done, it only contains a users.json and groups.json.
I've tried with the exe and the ps1 version. Params used are
--CollectionMethod All,GPOLocalGroup --statusinterval 10000 --Domain <domain>
When i use the same creds to connect to the ad using e.g. adexplorer from sysinternals, i can browse around in different OUs etc. and I can also see computers.
Also, manual ADSI exploring with PowerShell (via adsisearcher) seems to be no problem.
Is it possible that some IDS / IPS system or similar in the network could somehow recognizes the scans and then blocks or drops a lot of requests? Is there maybe a manual PowerShell query I could try out to do some more debugging?
I'll close the issue because during the same evening it suddenly started collecting with normal speed... (also i just realized I opened an issue in the old sharphound repo, sorry for that 😑)
Hello there,
I have a situation that sharphound does collect data very slowly (~0.25 objects per second) and then once done, it only contains a users.json and groups.json. I've tried with the exe and the ps1 version. Params used are
--CollectionMethod All,GPOLocalGroup --statusinterval 10000 --Domain <domain>
When i use the same creds to connect to the ad using e.g. adexplorer from sysinternals, i can browse around in different OUs etc. and I can also see computers. Also, manual ADSI exploring with PowerShell (via adsisearcher) seems to be no problem.
Is it possible that some IDS / IPS system or similar in the network could somehow recognizes the scans and then blocks or drops a lot of requests? Is there maybe a manual PowerShell query I could try out to do some more debugging?
Thanks for any help!