CoerceToTGT edge redo

[elikmiller]

Description

A new traversable edge named CoerceToTGT from computers and users configured with unconstrained delegation to the domain.

Motivation and Context

When a victim user or computer authenticate to a Kerberos service of a principal with unconstrained delegation, a TGT (reusable credentials) of the target is sent to the principal. An attacker with such a principal can use one of the many coercion techniques to get a privileged computer (e.g. DC) to authenticate to a compromised host and thereby compromise the environment.

This PR addresses: BP-982

How Has This Been Tested?

Added an ingest test.

Uploaded this data set which results in the edges of the screenshot: CoerceToTGT_BloodHound.zip

Use this Cypher query to get the edges showing: MATCH p=()-[r:CoerceToTGT]->() RETURN p

Screenshots (optional):

Types of changes

• New feature (non-breaking change which adds functionality)

Checklist:

• [x] I have met the contributing prerequisites
  • Assigned myself to this PR
  • Added the appropriate labels
  • Associated an issue: https://github.com/SpecterOps/BloodHound/issues/672
  • Read the Contributing guide: https://github.com/SpecterOps/BloodHound/wiki/Contributing
• [x] I have ensured that related documentation is up-to-date
  • Open API docs
  • Code comments (GoDocs / JSDocs)
• [x] I have followed proper test practices
  • Added/updated tests to cover my changes
  • All new and existing tests passed