chore: add ingest integration tests for adcs information (#256)
* c/p ADCS stuff from monorepo

* Adcs poc updates (#133)

* added authentication for feature flag endpoint (#131)

* chore: update incoming model structs and rename enrollmentservice to enterpriseca

* chore: rename enrollmentservice-entity.json to enterpriseca-entity.json

---------

Co-authored-by: Irshad Ajmal Ahmed <[email protected]>

* chore: handle isaclprotected and isdeleted in ConvertObjectToNode, update enterpriseca ingestion, add properties to ad schema (#135)

* chore: handle isaclprotected and isdeleted in ConvertObjectToNode, update enterpriseca ingestion, add properties to ad schema

* chore: update ad cue schema

* feat: create ntauthstorefor edges during ingest

* chore: cleanup commented code

* chore: remove some property setting from the API and handle instead in SharpHound

* chore: update string equality checks to use defined constants

* chore: define constant for AccessAllowedCallback

* fix: typos, move isaclprotected property setting to collector

* chore: Ingest DCRegistryData  (#140)

* Ingest DCRegistryData for Computers

* Update cue files for DCRegistryData properties

* feat: add IssuedSignedBy post processing (#144)

* feat: add IssuedSignedBy post processing

* fix: actually do the real post

* chore: rename function for clarity

* chore: dry and remove parallelism to a degree

* chore: properly account for error

* chore: make edges to rootca and enterpriseca for IssuedSignedBy

* chore: genericize findMatchingCertChainIDs

* chore: use helper

* chore: add index for CertThumbprint

* feat: ntauthstorefor (#146)

---------

Co-authored-by: Ulises Rangel <[email protected]>

* feat: Add post-processing logic for EnterpriseCAFor edges (#148)

* chore: wire up post processing for currently existing adcs handlers (#150)

* EnrollOnBehalfOf Post Processing (#151)

* feat: initial EnrollOnBehalfOf post processing

* chore: rerun schemagen

* fix: actually use param

* chore: pass in operation to PostEnrollOnBehalfOf

* chore: remove duplicated post edge
chore: replace %v with %w
chore: add a log in an else
fix: change eku name

* Update icons for ADCS nodes (#155)

* Update EnterpriseCA icon (#155)

* Store raw CertificateMappingMethods integer value (#154)

* feat: add edge information components for some of the new adcs edges (#152)

* feat: add edge information components for some of the new adcs edges

* chore: implement feedback

* feat: handle dc reg values not existing (#166)

* feat: handle dc reg values not existing

* Address code review comments

* Bed 3789 - ADCSESC1 (#165)

* chore: initial WIP commit

* wip: split property resolution from validation logic

* feat: initial ESC1 POC

* chore: change some ordering, fix up some esc1 issues

* chore: fix var type

* chore: fix a couple more things

* feat: first draft cross product matcher

* feat: create generic cross product shortcutter and polish it a bit

* fix: regen schema

* chore: uncomment harness case

* chore: remove commented code
fix: remove owns rel

* test: add a test for ESC1

* test: add another test

* test: add another test

* test: add last harness

* test: add harness svg/jsons for ESC1

* chore: fix weird ordering

* chore: fix var name, remove domainsid from harness as its unnecessary

---------

Co-authored-by: Ulises Rangel <[email protected]>

* feat: add golden cert post processing to adcs (#180)

* wip: golden cert post processing

* chore: add integration test and harness for golden cert post processing

* chore: Add migration for new data quality attributes for ADCS nodes (#187)

* EnrollOnBehalfOf Post Processing (#176)

* tests: add tests for EnrollOnBehalfOf

* tests: add harness diagrams

* chore: fix harness rep
chore: remove bad allocation

* fix: check result of channel submit

* Fix print version of CertTemplate attributes (#189)

* fix: TrustedForNTAuth bug (#199)

* fix: add missing ADCS edges to path filter (#186)

* feat: Contains edges from DN for ADSC objects (#203)

* remove ADCSESC2 (#193)

* BED-3869: ADCS edges help text (#185)

* feat: HostsCAService edge helptext

* feat: DelegatedEnrollmentAgent edge helptext

* feat: EnrollOnBehalfOf edge helptext

* chore: update EnrollOnBehalfOf help text

* chore: update EnrollOnBehalfOf help text

* fixed the display version of the new node type names

* chore: Add GoldenCert help text

* chore: fix help text grammar mistakes

* fix: order of ADCS post-processing (#208)

* chore: run just schemagen

* fix: EnterpriseCA reg data ingest

* feat: add EnterpriseCA properties (#213)

* chore: move post local groups to bhce packages for use in BHE, run license generation for headers (#209)

* Create ADCS feature flag and wrap associated code (#216)

* feat: Add adcs flag to default flags

* feat: Add new middleware for preventing access to feature flagged routes
and put ADCS related routes behind it

* chore: wrap ADCS ingest and post-processing by feature flag

* feat: create help text components for esc3 (#212)

* feat: create help text components for esc3

* chore: change edge name to adcsesc3 and format code

* ADCS Edge Composition Visibility (#224)

* wip: wip commit

* feat: esc1 edge detail cypher

* chore: use helpers to clean up code

* chore: fix merge

* fix: use CAs from first query into second query

* wip: Trying to hook up ADCSESC1 details query to API

* chore: a bit of refactoring

* chore: add endpoint and fix handler

* feat: add esc1 edge info content

* chore: improve esc1 abuse info

* chore: formatting changes

* wip: wip edge details

* chore: improve esc1 edge info

* wip: display a list of nodes when expanding the detail section of an adcsesc1 edge panel

* wip: display a list of nodes when expanding the detail section of an adcsesc1 edge panel

* feat: better icon colors for ADCS nodes

* feat: update getEdgeDetails endpoint with optional options parameter

* wip: display a list of nodes when expanding the detail section of an adcsesc1 edge panel

* wip: esc1 edge detail fix

* wip: actually fix esc 1

* feat: ensure non-transit edges are not included in pathfinding

* chore:  fix typo

* handle case when details endpoint returns empty result set

* feat: GoldenCert details (#223)

* factor out VirtualizedNodeList component

* replace faBuilding icon with faGlobe icon in DataSelector.tsx

* removing HostsCAService from pathfinding

* missing license

* formatting changes

* rename edge details to edge composition

* rename edge details to graphs/edge-composition. no more bike shedding!

* chore: addressing PR feedback and minor cleanups

---------

Co-authored-by: rvazarkar <[email protected]>
Co-authored-by: James Barnett <[email protected]>
Co-authored-by: jknudsen <[email protected]>
Co-authored-by: Jonas Bülow Knudsen <[email protected]>

* feat: helptexts for ManageCA, ManageCertificates, WritePKIEnrollmentFlag, and WritePKINameFlag (#227)

* fix: missing enterprise CA edges (#226)

* chore: add collection method properties to schedule job req type (#228)

* fix: Remove early return from ADCS post-processing (#234)

* chore: partition collection methods to split out ldap source in its own option (#215)

* chore: split stats components into shared ui (#242)

* chore: split stats components into shared ui

* fix: unit test imports

* chore: move entity content file to shared ui and update icon colors in bh graph go file (#246)

* chore: move entity content file to shared ui and update icon colors in bh graph go file

* fix: lint errors and circular deps

* docs: consistency for 'ESC1'

* Move edgeTypes to shared UI (#247)

* chore: Move edgeTypes to bh-shared-ui

* chore: remove option for HostsCaFor from edge filtering

* chore: remove circular dependency

* fix: fix styling for low number of edge filters in a subcategory

---------

Co-authored-by: Eli K Miller <[email protected]>
Co-authored-by: Ben Waples <[email protected]>
Co-authored-by: Stephen Hinck <[email protected]>
Co-authored-by: Wesley Maffly-Kipp <[email protected]>

* fix: address PR feedback for typo and edge info collapsible section

* chore: clean up types related to ScheduledJobRequests

* fix: don't include local groups in enterprise ca security data (#250)

Closes: https://specterops.atlassian.net/browse/BED-3937

* wip

* chore: add ingest integration tests for adcs information

* chore: update and compile sharphound, recollect, update assertions

* chore: clean up left over conflicts

---------

Co-authored-by: jknudsen <[email protected]>
Co-authored-by: James Barnett <[email protected]>
Co-authored-by: Irshad Ajmal Ahmed <[email protected]>
Co-authored-by: Rohan Vazarkar <[email protected]>
Co-authored-by: rvazarkar <[email protected]>
Co-authored-by: Jonas Bülow Knudsen <[email protected]>
Co-authored-by: Dillon Lees <[email protected]>
Co-authored-by: Eli K Miller <[email protected]>
Co-authored-by: Ben Waples <[email protected]>
Co-authored-by: Stephen Hinck <[email protected]>
Co-authored-by: Wesley Maffly-Kipp <[email protected]>
12 people authored Dec 15, 2023
1 parent ec60c6e commit db38103
Showing 21 changed files with 22,004 additions and 9 deletions.
28 changes: 28 additions & 0 deletions cmd/api/src/api/v2/file_uploads_integration_test.go
Expand Up @@ -170,6 +170,34 @@ func Test_FileUploadWorkFlowVersion6(t *testing.T) {
testCtx.AssertIngest(fixtures.IngestAssertions)
}

func Test_FileUploadVersion6AllOptionADCS(t *testing.T) {
testCtx := integration.NewContext(t, integration.StartBHServer)

if adcsFlag, err := testCtx.DB.GetFlagByKey("adcs"); err != nil {
t.Fatalf("unable to get adcs flag: %v", err)
} else {
adcsFlag.Enabled = true
testCtx.DB.SetFlag(adcsFlag)
}

testCtx.SendFileIngest([]string{
"v6/all/aiacas.json",
"v6/all/certtemplates.json",
"v6/all/computers.json",
"v6/all/containers.json",
"v6/all/domains.json",
"v6/all/enterprisecas.json",
"v6/all/gpos.json",
"v6/all/groups.json",
"v6/all/ntauthstores.json",
"v6/all/ous.json",
"v6/all/rootcas.json",
"v6/all/users.json",
})

testCtx.AssertIngest(fixtures.IngestADCSAssertions)
}

func Test_CompressedFileUploadWorkFlowVersion5(t *testing.T) {
testCtx := integration.NewContext(t, integration.StartBHServer)
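
Review bot: In Test_FileUploadVersion6AllOptionADCS the result of testCtx.DB.SetFlag(adcsFlag) is discarded, so a failed flag update would leave ADCS ingest disabled and surface only later as missing-relationship failures in testCtx.AssertIngest(fixtures.IngestADCSAssertions). If SetFlag returns an error, check it and call t.Fatalf, as the branch above already does for GetFlagByKey. The "adcs" key is also a bare string literal; a shared constant would keep this test in step with the flag definition.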

9 changes: 5 additions & 4 deletions cmd/api/src/test/fixtures/fixture.go
@@ -1,17 +1,17 @@
// Copyright 2023 Specter Ops, Inc.
//
//
// Licensed under the Apache License, Version 2.0
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//
// http://www.apache.org/licenses/LICENSE-2.0
//
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
//
// SPDX-License-Identifier: Apache-2.0

package fixtures
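
Review bot: The four changed `//` lines in the license header of fixture.go read identically before and after, so this hunk is whitespace-only churn unrelated to the ADCS ingest tests. Consider dropping it from this commit, or landing it with the license header generation change, so the one functional change to this file is easier to spot in review and in blame.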
Expand Down Expand Up @@ -64,6 +64,7 @@ func (s loader) Get(path string) []byte {
s.errorHandler(path, err)
return nil
} else {
content = bytes.TrimPrefix(content, []byte("\xef\xbb\xbf"))
return content
}
}
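
Review bot: The new bytes.TrimPrefix(content, []byte("\xef\xbb\xbf")) line in loader.Get has no comment saying that it strips a UTF-8 byte order mark or which fixtures need it. Name the byte sequence in a constant and add a one-line comment stating the reason, since the trim now applies silently to every fixture read through Get, not only the new v6/all files. The else branch after the early return nil could also be flattened while this block is being touched.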
5 changes: 3 additions & 2 deletions cmd/api/src/test/fixtures/fixtures/expected_ingest.go
Expand Up @@ -18,6 +18,7 @@ package fixtures

import (
"bytes"

"github.com/specterops/bloodhound/cypher/frontend"
"github.com/specterops/bloodhound/cypher/model"
"github.com/specterops/bloodhound/dawgs/graph"
Expand Down Expand Up @@ -246,7 +247,7 @@ var (
}
)

func formatQueryComponent(criteria graph.Criteria) string {
func FormatQueryComponent(criteria graph.Criteria) string {
var (
emitter = frontend.NewCypherEmitter(false)
stringBuffer = &bytes.Buffer{}
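
Review bot: FormatQueryComponent is now exported but has no doc comment, and the visible diff shows no caller outside this package: expected_ingest.go and the new expected_ingest_adcs.go sit in the same directory. If the ADCS assertions are the only new user, the unexported name would have worked and the helper would stay out of the package's public surface; if another package needs it, add a doc comment that starts with the function name and says the output is a Cypher rendering of the criteria intended for test failure messages.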
Expand All @@ -262,6 +263,6 @@ func formatQueryComponent(criteria graph.Criteria) string {
func IngestAssertions(testCtrl test.Controller, tx graph.Transaction) {
for _, assertionCriteria := range ingestRelationshipAssertionCriteria {
_, err := tx.Relationships().Filter(assertionCriteria).First()
require.Nilf(testCtrl, err, "Unable to find an expected relationship: %s", formatQueryComponent(assertionCriteria))
require.Nilf(testCtrl, err, "Unable to find an expected relationship: %s", FormatQueryComponent(assertionCriteria))
}
}
554 changes: 554 additions & 0 deletions cmd/api/src/test/fixtures/fixtures/expected_ingest_adcs.go

Large diffs are not rendered by default.

79 changes: 79 additions & 0 deletions cmd/api/src/test/fixtures/fixtures/v6/all/aiacas.json
@@ -0,0 +1,79 @@
{
"data": [
{
"Properties": {
"domain": "ESC1.LOCAL",
"name": "[email protected]",
"distinguishedname": "CN=ESC1-ESC1-DC-CA,CN=AIA,CN=PUBLIC KEY SERVICES,CN=SERVICES,CN=CONFIGURATION,DC=ESC1,DC=LOCAL",
"domainsid": "S-1-5-21-909015691-3030120388-2582151266",
"description": null,
"whencreated": 1664426237,
"crosscertificatepair": [],
"hascrosscertificatepair": false,
"certthumbprint": "5F0143662A7EA16E8DB90E44D0F1F1FC87B1E703",
"certname": "5F0143662A7EA16E8DB90E44D0F1F1FC87B1E703",
"certchain": ["5F0143662A7EA16E8DB90E44D0F1F1FC87B1E703"],
"hasbasicconstraints": false,
"basicconstraintpathlength": 0
},
"Aces": [
{
"PrincipalSID": "S-1-5-21-909015691-3030120388-2582151266-519",
"PrincipalType": "Group",
"RightName": "Owns",
"IsInherited": false
},
{
"PrincipalSID": "ESC1.LOCAL-S-1-5-32-544",
"PrincipalType": "Group",
"RightName": "GenericAll",
"IsInherited": false
},
{
"PrincipalSID": "S-1-5-21-909015691-3030120388-2582151266-512",
"PrincipalType": "Group",
"RightName": "GenericAll",
"IsInherited": false
},
{
"PrincipalSID": "S-1-5-21-909015691-3030120388-2582151266-519",
"PrincipalType": "Group",
"RightName": "GenericAll",
"IsInherited": false
},
{
"PrincipalSID": "S-1-5-21-909015691-3030120388-2582151266-1000",
"PrincipalType": "Computer",
"RightName": "GenericAll",
"IsInherited": false
},
{
"PrincipalSID": "S-1-5-21-909015691-3030120388-2582151266-519",
"PrincipalType": "Group",
"RightName": "GenericAll",
"IsInherited": true
},
{
"PrincipalSID": "S-1-5-21-909015691-3030120388-2582151266-512",
"PrincipalType": "Group",
"RightName": "WriteDacl",
"IsInherited": true
},
{
"PrincipalSID": "S-1-5-21-909015691-3030120388-2582151266-512",
"PrincipalType": "Group",
"RightName": "WriteOwner",
"IsInherited": true
}
],
"ObjectIdentifier": "6345151F-D854-4D83-B7D0-D94E10CFBAF2",
"IsDeleted": false,
"IsACLProtected": false,
"ContainedBy": {
"ObjectIdentifier": "D44AC8AF-C24E-489B-B0BB-E832A5E3C91A",
"ObjectType": "Container"
}
}
],
"meta": { "methods": 521215, "type": "aiacas", "count": 1, "version": 6 }
}
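
Review bot: This fixture looks like raw collector output from a lab domain (ESC1.LOCAL, "methods": 521215, "version": 6), but nothing next to it records how it was produced. The commit message mentions recompiling SharpHound, recollecting and updating assertions, so a short README in v6/all stating the collector build and collection options would let the next person regenerate the files and keep expected_ingest_adcs.go in sync. It would also help to note which ACEs in the "Aces" array the assertions depend on, since the same principal and right appear both with "IsInherited": false and with "IsInherited": true.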