Improve "What permissions does Everyone/Authenticated users/Domain users/Domain computers have" rule

seajaysec / cypheroth

Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to spreadsheets.

BSD 2-Clause "Simplified" License

251 stars 42 forks source link

Improve "What permissions does Everyone/Authenticated users/Domain users/Domain computers have" rule #13

Closed cnotin closed 4 years ago

cnotin commented 4 years ago

Exact "objectsid" match use "=" comparison instead of "starts with" Return type of the target objects Add "Anonymous" to the "dangerous" groups for ACL (along Domain Users, Everyone, etc.)

cnotin commented 4 years ago

Ping @seajaysec :)

seajaysec commented 4 years ago

Great improvement. Thank you.