I noticed that when querying BloodHound to get a list of machines where Domain Users can RDP to, it only lists the machines where the single node "domain users" has a direct canRDP relation type with the computer objects.
The existing query does not take into account that Domain Users can be a member of a group, and it's this group that has a canRDP relationship with the computers.
This PR fixes that, and is basically the union of the built-in queries: First Degree RDP Privileges and Group Delegated RDP Privileges.
In addition:
I added new queries to return paths from authenticated users->RDP->computers, with a distinction machines != servers.
The case of some keywords was switched to uppercase for clarity.
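To illustrate the gap described above when auditing RDP exposure, here is an added example; these are not the queries from this PR or from the BloodHound source. It assumes the standard BloodHound schema (`Group` and `Computer` nodes, `MemberOf` and `CanRDP` edges, the `objectid` and `operatingsystem` properties), that Domain Users is matched by RID 513 and Authenticated Users by SID S-1-5-11, and that servers can be told apart by the string "SERVER" in `operatingsystem`.

```cypher
// Direct-only form: finds a computer only when the Domain Users group node
// itself holds the CanRDP edge. Rights inherited through nesting are missed.
MATCH p = (g:Group)-[:CanRDP]->(c:Computer)
WHERE g.objectid ENDS WITH '-513'
RETURN p;

// Union of first-degree and group-delegated rights in one pattern.
// MemberOf*0.. matches zero hops (Domain Users holds CanRDP directly)
// as well as any depth of group nesting.
MATCH p = (g:Group)-[:MemberOf*0..]->(:Group)-[:CanRDP]->(c:Computer)
WHERE g.objectid ENDS WITH '-513'
RETURN p;

// Same traversal starting from Authenticated Users, servers only.
// Assumption: server builds carry "SERVER" in operatingsystem.
MATCH p = (g:Group)-[:MemberOf*0..]->(:Group)-[:CanRDP]->(c:Computer)
WHERE g.objectid ENDS WITH '-S-1-5-11'
  AND toUpper(c.operatingsystem) CONTAINS 'SERVER'
RETURN p;

// Authenticated Users, non-server machines. coalesce() keeps computers
// whose operatingsystem was never collected; without it the NOT would
// evaluate to null for those nodes and silently drop them.
MATCH p = (g:Group)-[:MemberOf*0..]->(:Group)-[:CanRDP]->(c:Computer)
WHERE g.objectid ENDS WITH '-S-1-5-11'
  AND NOT toUpper(coalesce(c.operatingsystem, '')) CONTAINS 'SERVER'
RETURN p;
```

Comparing the result counts of the first two queries shows how many RDP-reachable computers a direct-edge check leaves unreported.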