BloodHoundAD / SharpHoundCommon

Common library used by SharpHound.
GNU General Public License v3.0

Remote Registry enumerates local users #27

Open rustaska opened 2 years ago

rustaska commented 2 years ago

The re-introduced method to get sessions using the Windows Remote Registry uses a regex to filter out user accounts: SidRegex = new(@"S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]+$", RegexOptions.Compiled);

Line: https://github.com/BloodHoundAD/SharpHoundCommon/blob/3cedabb8ca96b223a0eaae2ad8ef8a3176ab3e82/src/CommonLib/Processors/ComputerSessionProcessor.cs#L15

This regex will also find logged-in local user accounts, which will then be in the final JSON result. This is contrary to the other methods used for session enumeration. Is this intended?

Thx for clarification and the great work

rvazarkar commented 2 years ago

This is probably a bug. Unfortunately, I just missed it in our current release. I'll address this in a future one.
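Added example, not part of the issue thread or of SharpHoundCommon's code: the regex quoted in the issue applied to constructed key names, next to one possible filter that drops SIDs issued by the machine's own account database. The SID values, the `machineSid` parameter (assumed to be obtained by the caller) and the helper `IsDomainAccountSid` are hypothetical.

```csharp
using System;
using System.Text.RegularExpressions;

public static class SidFilterDemo
{
    // Regex exactly as quoted in the issue.
    private static readonly Regex SidRegex =
        new(@"S-1-5-21-[0-9]+-[0-9]+-[0-9]+-[0-9]+$", RegexOptions.Compiled);

    // Hypothetical helper: true only when the SID matches the regex AND was not
    // issued by the local machine. A local account SID is the machine SID plus a
    // RID, so stripping the last sub-authority yields the issuing authority.
    public static bool IsDomainAccountSid(string sid, string machineSid)
    {
        if (!SidRegex.IsMatch(sid))
            return false;

        var issuer = sid.Substring(0, sid.LastIndexOf('-'));
        return !issuer.Equals(machineSid, StringComparison.OrdinalIgnoreCase);
    }

    public static void Main()
    {
        // Constructed values for illustration only.
        const string machineSid = "S-1-5-21-1111111111-2222222222-3333333333";
        string[] keyNames =
        {
            ".DEFAULT",
            "S-1-5-18",                                               // well-known SID, no match
            "S-1-5-21-1111111111-2222222222-3333333333-1001",         // local account
            "S-1-5-21-4444444444-5555555555-6666666666-1105",         // domain account
            "S-1-5-21-4444444444-5555555555-6666666666-1105_Classes", // rejected by the $ anchor
        };

        foreach (var name in keyNames)
        {
            // The regex alone accepts both the local and the domain account SID;
            // the extra issuer comparison keeps only the domain one.
            Console.WriteLine(
                $"{name,-56} regex={SidRegex.IsMatch(name),-5} " +
                $"domain={IsDomainAccountSid(name, machineSid)}");
        }
    }
}
```

With these inputs the regex alone matches the third and fourth entries, while the helper returns true only for the fourth.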