From 104a54ee11e5b8d7ce2b1e41f9f3d11cce904709 Mon Sep 17 00:00:00 2001 From: Brandon Shearin Date: Wed, 17 Jan 2024 12:40:20 -0500 Subject: [PATCH] DCFor: edge info panel static content (#319) * bug fix * Revert "bug fix" This reverts commit 578b8592d915630a2dd56df8c5b7e74c98f288b2. * edge info panel, DCFor * add dcfor to index.tsx --- .../src/components/HelpTexts/DCFor/DCFor.tsx | 31 ++++++++++++++++++ .../components/HelpTexts/DCFor/General.tsx | 32 +++++++++++++++++++ .../components/HelpTexts/DCFor/LinuxAbuse.tsx | 31 ++++++++++++++++++ .../src/components/HelpTexts/DCFor/Opsec.tsx | 30 +++++++++++++++++ .../components/HelpTexts/DCFor/References.tsx | 31 ++++++++++++++++++ .../HelpTexts/DCFor/WindowsAbuse.tsx | 31 ++++++++++++++++++ .../src/components/HelpTexts/index.tsx | 2 ++ 7 files changed, 188 insertions(+) create mode 100644 packages/javascript/bh-shared-ui/src/components/HelpTexts/DCFor/DCFor.tsx create mode 100644 packages/javascript/bh-shared-ui/src/components/HelpTexts/DCFor/General.tsx create mode 100644 packages/javascript/bh-shared-ui/src/components/HelpTexts/DCFor/LinuxAbuse.tsx create mode 100644 packages/javascript/bh-shared-ui/src/components/HelpTexts/DCFor/Opsec.tsx create mode 100644 packages/javascript/bh-shared-ui/src/components/HelpTexts/DCFor/References.tsx create mode 100644 packages/javascript/bh-shared-ui/src/components/HelpTexts/DCFor/WindowsAbuse.tsx
diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/DCFor/DCFor.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/DCFor/DCFor.tsx
new file mode 100644
index 0000000000..89bed33e44
--- /dev/null
+++ b/packages/javascript/bh-shared-ui/src/components/HelpTexts/DCFor/DCFor.tsx
@@ -0,0 +1,31 @@
+// Copyright 2024 Specter Ops, Inc.
+//
+// Licensed under the Apache License, Version 2.0
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: Apache-2.0
+
+import General from './General';
+import WindowsAbuse from './WindowsAbuse';
+import LinuxAbuse from './LinuxAbuse';
+import Opsec from './Opsec';
+import References from './References';
+
+const DCFor = {
+ general: General,
+ windowsAbuse: WindowsAbuse,
+ linuxAbuse: LinuxAbuse,
+ opsec: Opsec,
+ references: References,
+};
+
+export default DCFor;
diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/DCFor/General.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/DCFor/General.tsx
new file mode 100644
index 0000000000..cf669a2b50
--- /dev/null
+++ b/packages/javascript/bh-shared-ui/src/components/HelpTexts/DCFor/General.tsx
@@ -0,0 +1,32 @@
+// Copyright 2024 Specter Ops, Inc.
+//
+// Licensed under the Apache License, Version 2.0
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: Apache-2.0
+
+import { FC } from 'react';
+import { EdgeInfoProps } from '../index';
+import { Typography } from '@mui/material';
+
+const General: FC = () => {
+ return (
+ <>
+
+ This edge indicates that the computer is a domain controller for the domain. This edge is not created
+ for read-only domain controllers.
+
+
+ );
+};
+
+export default General;
diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/DCFor/LinuxAbuse.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/DCFor/LinuxAbuse.tsx
new file mode 100644
index 0000000000..f8a2c9f149
--- /dev/null
+++ b/packages/javascript/bh-shared-ui/src/components/HelpTexts/DCFor/LinuxAbuse.tsx
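Review bot: In General.tsx, `import { EdgeInfoProps } from '../index';` reaches into the same index.tsx that this patch makes import `./DCFor/DCFor`, so the two modules now reference each other. The name is presumably only a props type, in which case `import type { EdgeInfoProps } from '../index';` keeps the dependency type-only and erased at build time. As the hunk is rendered here the component is declared as plain `FC`; if the type argument really is absent, the import is unused and can be dropped instead. The `<>` wrapper around the single paragraph also looks unnecessary, since the other help-text components in this patch appear to return their element directly.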
@@ -0,0 +1,31 @@
+// Copyright 2024 Specter Ops, Inc.
+//
+// Licensed under the Apache License, Version 2.0
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: Apache-2.0
+
+import { FC } from 'react';
+import { Typography } from '@mui/material';
+
+const LinuxAbuse: FC = () => {
+ return (
+
+ Domain Controllers store all Active Directory credentials and configurations for all principals in the
+ domain. If an adversary gains administrative access to a Domain Controller, there are several options at
+ their disposal for compromising domain identities and domain-managed systems. Please see the references
+ section for more information.
+
+ );
+};
+
+export default LinuxAbuse;
diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/DCFor/Opsec.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/DCFor/Opsec.tsx
new file mode 100644
index 0000000000..0ba74e5209
--- /dev/null
+++ b/packages/javascript/bh-shared-ui/src/components/HelpTexts/DCFor/Opsec.tsx
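Review bot: LinuxAbuse.tsx and WindowsAbuse.tsx (later in this patch) carry the same paragraph word for word, so a later edit to one will silently leave the other stale. Keep the text in one place and reuse it, for example `export { default } from './WindowsAbuse';` as the whole body of LinuxAbuse.tsx, or have both files return one shared component. If the two panels are expected to diverge once platform-specific guidance is written, a one-line comment saying so in each file would explain the duplication.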
@@ -0,0 +1,30 @@
+// Copyright 2024 Specter Ops, Inc.
+//
+// Licensed under the Apache License, Version 2.0
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: Apache-2.0
+
+import { FC } from 'react';
+import { Typography } from '@mui/material';
+
+const Opsec: FC = () => {
+ return (
+
+ Domain Controllers are universally among the most sensitive systems in Active Directory, and are often
+ closely monitored by defenders. Attacks that rely on administrative access to a domain controller may
+ produce artifacts that defenders will see as reliable and urgent indicators of compromise.
+
+ );
+};
+
+export default Opsec;
diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/DCFor/References.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/DCFor/References.tsx
new file mode 100644
index 0000000000..00087ace32
--- /dev/null
+++ b/packages/javascript/bh-shared-ui/src/components/HelpTexts/DCFor/References.tsx
@@ -0,0 +1,31 @@
+// Copyright 2024 Specter Ops, Inc.
+//
+// Licensed under the Apache License, Version 2.0
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: Apache-2.0
+
+import { FC } from 'react';
+import { Link, Box } from '@mui/material';
+
+const References: FC = () => {
+ return (
+
+
+ Beyond Domain Admins
+
+
+
+ );
+};
+
+export default References;
diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/DCFor/WindowsAbuse.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/DCFor/WindowsAbuse.tsx
new file mode 100644
index 0000000000..856d4456ef
--- /dev/null
+++ b/packages/javascript/bh-shared-ui/src/components/HelpTexts/DCFor/WindowsAbuse.tsx
@@ -0,0 +1,31 @@
+// Copyright 2024 Specter Ops, Inc.
+//
+// Licensed under the Apache License, Version 2.0
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// SPDX-License-Identifier: Apache-2.0
+
+import { FC } from 'react';
+import { Typography } from '@mui/material';
+
+const WindowsAbuse: FC = () => {
+ return (
+
+ Domain Controllers store all Active Directory credentials and configurations for all principals in the
+ domain. If an adversary gains administrative access to a Domain Controller, there are several options at
+ their disposal for compromising domain identities and domain-managed systems. Please see the references
+ section for more information.
+
+ );
+};
+
+export default WindowsAbuse;
diff --git a/packages/javascript/bh-shared-ui/src/components/HelpTexts/index.tsx b/packages/javascript/bh-shared-ui/src/components/HelpTexts/index.tsx
index 9b2a7ec491..211f844225 100644
--- a/packages/javascript/bh-shared-ui/src/components/HelpTexts/index.tsx
+++ b/packages/javascript/bh-shared-ui/src/components/HelpTexts/index.tsx
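Review bot: In References.tsx, the `Link` to the external "Beyond Domain Admins" article should be checked for its `rel` value; the element's attributes are not visible in this rendering of the hunk, so whether it opens in a new tab cannot be confirmed from here. If it uses `target='_blank'`, set `rel='noopener noreferrer'` so the opened page receives no `window.opener` handle and no referrer from the BloodHound UI. Older browsers do not apply `noopener` by default, so the attribute should be explicit rather than assumed.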
@@ -68,6 +68,7 @@ import CanPSRemote from './CanPSRemote/CanPSRemote'; import CanRDP from './CanRDP/CanRDP'; import Contains from './Contains/Contains'; import DCSync from './DCSync/DCSync'; +import DCFor from './DCFor/DCFor'; import DelegatedEnrollmentAgent from './DelegatedEnrollmentAgent/DelegatedEnrollmentAgent'; import DumpSMSAPassword from './DumpSMSAPassword/DumpSMSAPassword'; import ADCSESC3 from './ADCSESC3/ADCSESC3'; @@ -210,6 +211,7 @@ const EdgeInfoComponents = { ManageCertificates: ManageCertificates, WritePKIEnrollmentFlag: WritePKIEnrollmentFlag, WritePKINameFlag: WritePKINameFlag, + DCFor: DCFor, }; export default EdgeInfoComponents;