CoerceAndRelayNTLMtoADCS Post Processing #1058

Merged
merged 32 commits into from
Jan 30, 2025

@rvazarkar rvazarkar commented Jan 8, 2025

Description

Describe your changes in detail

Motivation and Context

This PR addresses: https://specterops.atlassian.net/browse/BED-5029

How Has This Been Tested?

Integration tests created to test specific harnesses

Screenshots (optional):

Types of changes

  • New feature (non-breaking change which adds functionality)

Checklist:

mvlipka and others added 19 commits December 13, 2024 09:31
…esting of end nodes in NTLM integration test
…ED-5029

# Conflicts:
#	packages/cue/bh/ad/ad.cue
#	packages/go/analysis/ad/adcs.go
#	packages/go/analysis/ad/ntlm.go
#	packages/go/graphschema/ad/ad.go
#	packages/javascript/bh-shared-ui/src/graphSchema.ts
# Conflicts:
#	packages/cue/bh/ad/ad.cue
#	packages/go/analysis/ad/ntlm.go
#	packages/go/graphschema/ad/ad.go
#	packages/javascript/bh-shared-ui/src/graphSchema.ts
@juggernot325 juggernot325 marked this pull request as draft January 23, 2025 18:27
# Conflicts:
#	packages/go/analysis/ad/adcscache.go
#	packages/go/graphschema/ad/ad.go
#	packages/javascript/bh-shared-ui/src/graphSchema.ts
@rvazarkar rvazarkar marked this pull request as ready for review January 30, 2025 15:15
@rvazarkar rvazarkar changed the title from "WIP: RelayNTLMtoADCS Post Processing" to "CoerceAndRelayNTLMtoADCS Post Processing" Jan 30, 2025
Comment on lines +74 to +79
if enterpriseCertAuthorities, err := FetchNodesByKind(ctx, db, ad.EnterpriseCA); err != nil {
return fmt.Errorf("failed fetching enterpriseCA nodes: %w", err)
} else if certTemplates, err := FetchNodesByKind(ctx, db, ad.CertTemplate); err != nil {
return fmt.Errorf("failed fetching certTemplate nodes: %w", err)
} else if domains, err := FetchNodesByKind(ctx, db, ad.Domain); err != nil {
return fmt.Errorf("failed fetching domain nodes: %w", err)
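
Review bot: The `if ...; err != nil { return ... } else if ...` chain across the three FetchNodesByKind calls scopes enterpriseCertAuthorities, certTemplates and domains to the chain itself, so every statement that uses all three results has to sit inside the final else branch, one nesting level deeper than necessary. Each error branch already returns, so plain sequential assignments followed by `if err != nil { return fmt.Errorf(...) }` would keep the results at function scope, flatten the remainder of the function, and preserve the same wrapped errors.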

Not sure which is faster, 3 separate fetch nodes by kind or 1 fetch with these 3 kinds and then loop the results and have a switch case based on the node kind and the 3 separate actions as either smaller functions or just toss each of the below blocks into the case. Might be 6 one way, half a dozen the other but thought I'd toss the idea out

@rvazarkar rvazarkar added the enhancement New feature or request label Jan 30, 2025
@rvazarkar rvazarkar self-assigned this Jan 30, 2025

@mistahj67 mistahj67 left a comment

Code LGTM

@rvazarkar rvazarkar merged commit 78bd0da into main Jan 30, 2025
8 checks passed
@rvazarkar rvazarkar deleted the BED-5029 branch January 30, 2025 18:08
@github-actions github-actions bot locked and limited conversation to collaborators Jan 30, 2025