Fix BUG #70 #71
CLA Assistant Lite bot All contributors have signed the CLA ✍️ ✅
I have read the CLA Document and I hereby sign the CLA
Thanks for your contribution @godylockz! I think the fix could produce false positives if a principal has been granted one of the other validated writes such as Validated-DNS-Host-Name. Hence we should check if the principal has been granted Self-Membership specifically or all validated writes. But I think it would make sense to introduce a new edge for all validated writes instead. I will confirm that with the team and get back to you.
I will be awaiting your response, thank you! In the meantime if anyone feels the need to use these new binaries, posting them here. Just FYI, I couldn't find much documentation on how to compile SharpHoundCommon with SharpHound. Obviously had to uncomment and fetch the new version of the .dll file.

```xml
<!-- <Reference Include="SharpHoundCommonLib, Version=2.0.15.0, Culture=neutral, PublicKeyToken=null">-->
<!-- <HintPath>..\SharpHoundCommon\src\CommonLib\bin\Debug\net462\SharpHoundCommonLib.dll</HintPath>-->
<!-- </Reference>-->
```
Hi @godylockz, sorry for keeping you waiting so long. I have talked to the team and we have decided that it would make the most sense to implement a new edge type named AllValidatedWrites to cover the scenario where a principal has an ACE with Would you be up for updating your PR to create that edge and create the necessary BloodHound change as well? I will be available to guide you :)
…update BED-3868: Build contains edges from DNs
Description
See BUG #70
Motivation and Context
Properly make the "AddSelf" edge
How Has This Been Tested?
Tested on an OU: the AddSelf edge is created if you grant "Add/remove self as member" only, but if you select "All validated writes", then the edge is not created.
Types of changes
The self ACL does not require the ACL for WriteMember.
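
The distinction discussed in this thread, sketched as an added example (not code from this PR or from SharpHoundCommon): an allow ACE carrying the Self right maps to AddSelf only when its object type is the Self-Membership validated write, and to the proposed AllValidatedWrites edge when it has no object type. The type and method names are hypothetical, and treating an empty object type GUID as "all validated writes" is the assumption the classification rests on.

```csharp
using System;

// Added example with hypothetical names; not SharpHoundCommon's API.
public enum ValidatedWriteEdge { None, AddSelf, AllValidatedWrites }

public static class ValidatedWriteClassifier
{
    // ADS_RIGHT_DS_SELF: the access-mask bit for a validated write.
    private const int DsSelf = 0x8;

    // rightsGuid of the Self-Membership validated write.
    private static readonly Guid SelfMembership =
        new Guid("bf9679c0-0de6-11d0-a285-00aa003049e2");

    public static ValidatedWriteEdge Classify(bool isAllow, int accessMask, Guid objectType)
    {
        // Deny ACEs and ACEs without the Self bit never produce these edges.
        if (!isAllow || (accessMask & DsSelf) == 0)
            return ValidatedWriteEdge.None;

        // Assumption: no object type means the ACE covers every validated write.
        if (objectType == Guid.Empty)
            return ValidatedWriteEdge.AllValidatedWrites;

        // Scoped to Self-Membership: the principal can add itself to the group.
        if (objectType == SelfMembership)
            return ValidatedWriteEdge.AddSelf;

        // Any other validated write (e.g. Validated-DNS-Host-Name) grants no
        // membership change, so emitting AddSelf here would be a false positive.
        return ValidatedWriteEdge.None;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample ACEs: (allow?, access mask, object type GUID).
        var dnsHostName = new Guid("72e39547-7b18-11d1-adef-00c04fd8d5cd");
        var selfMember = new Guid("bf9679c0-0de6-11d0-a285-00aa003049e2");

        Console.WriteLine(ValidatedWriteClassifier.Classify(true, 0x8, selfMember));
        Console.WriteLine(ValidatedWriteClassifier.Classify(true, 0x8, Guid.Empty));
        Console.WriteLine(ValidatedWriteClassifier.Classify(true, 0x8, dnsHostName));
        Console.WriteLine(ValidatedWriteClassifier.Classify(false, 0x8, selfMember));
    }
}
```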