Open scmanjarrez opened 2 months ago
I'll leave here some fixes to the customqueries.json, just in case someone stumble upon these errors
Query:
Find all sessions a user in a specific domain has
Find an object from domain 'A' that can do anything to a foreign object
Fix:
Change
{domain:{result}}
for{domain: $result}
Query:
Find Kerberoastable users and where they are AdminTo
Fix:
Change
RETURN u
forRETURN u1
Query:
Find All Users with an SPN/Find all Kerberoastable Users with passwords last set > 5 years ago
Fix:
- Remove
WHERE
keyword inAND WHERE u.pwdlastset
Change
n.hasspn
foru.hasspn
Query:
Find all computers with unsupported operating systems
Fix:
- Change to query to be
MATCH (H:Computer) WHERE H.operatingsystem =~ '(?i).(2000|2003|2008|xp|vista|7|me).' RETURN H
This update is based on a comment in the original blog
I'll leave here some fixes to the customqueries.json, just in case someone stumble upon these errors
Query:
Find all sessions a user in a specific domain has
Find an object from domain 'A' that can do anything to a foreign object
Fix:
Change
{domain:{result}}
for{domain: $result}
Query:
Find Kerberoastable users and where they are AdminTo
Fix:
Change
RETURN u
forRETURN u1
Query:
Find All Users with an SPN/Find all Kerberoastable Users with passwords last set > 5 years ago
Fix:
WHERE
keyword inAND WHERE u.pwdlastset
Change
n.hasspn
foru.hasspn
Query:
Find all computers with unsupported operating systems
Fix:
MATCH (H:Computer) WHERE H.operatingsystem =~ '(?i).(2000|2003|2008|xp|vista|7|me).' RETURN H