Closed spyr0-sec closed 1 year ago
CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅
I have read the CLA Document and I hereby sign the CLA
Adding this here for reference: https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-technical-reference
The new attribute checks out
Description
In April 2023, MS released their new iteration of LAPS which included a refactor of the LAPS attributes on Computer objects. Currently SharpHound looks for the
ms-acs-admpwdexpirationtime
which is now know asmsLAPS-PasswordExpirationTime
. Therefore this PR is to add that LDAP property and change HasLAPS() logic to return true if the computer object possesses either of this attributes.Motivation and Context
Testing CE in a lab with LAPS configured was not returning any objects with haslaps = True
How Has This Been Tested?
This has not been tested, however this is a (hopefully) simple change which will not break anything.
Types of changes
Checklist: