From a8578c36415997435911ffcda5ce28ef73ede873 Mon Sep 17 00:00:00 2001
From: anemeth
Date: Wed, 13 Mar 2024 13:13:34 -0700
Subject: [PATCH] Skip over CAs that can't be resolved to SIDs during collection

---
 src/Runtime/ObjectProcessors.cs | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/Runtime/ObjectProcessors.cs b/src/Runtime/ObjectProcessors.cs
index 7ec9e48..1fff354 100644
--- a/src/Runtime/ObjectProcessors.cs
+++ b/src/Runtime/ObjectProcessors.cs
@@ -638,6 +638,13 @@ private async Task ProcessEnterpriseCA(ISearchResultEntry entry, R
 {
 ret.HostingComputer = await _context.LDAPUtils.ResolveHostToSid(dnsHostName, resolvedSearchResult.Domain);
+ // If ResolveHostToSid does not return a valid SID, we don't want to process this CA
+ if (ret.HostingComputer == null || !ret.HostingComputer.StartsWith("S-1-"))
+ {
+ _log.LogWarning("CA could not be resolved to a SID, skipping.", dnsHostName, resolvedSearchResult.Domain);
+ return null;
+ }
+
 CARegistryData cARegistryData = new()
 {
 IsUserSpecifiesSanEnabled = _certAbuseProcessor.IsUserSpecifiesSanEnabled(dnsHostName, caName),
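Review bot: The warning in the new `if` block passes `dnsHostName` and `resolvedSearchResult.Domain` as arguments, but the message template has no placeholders, so (assuming `_log` is a Microsoft.Extensions.Logging `ILogger`, which the `LogWarning(string, params object[])` shape suggests) neither value is rendered and the operator cannot tell which CA was silently dropped from the collection. Use a structured template: `_log.LogWarning("CA {DnsHostName} in domain {Domain} could not be resolved to a SID, skipping.", dnsHostName, resolvedSearchResult.Domain);`. The prefix check should also be culture-invariant, since a SID is a machine identifier: `if (ret.HostingComputer == null || !ret.HostingComputer.StartsWith("S-1-", StringComparison.Ordinal))`. The early `return null` changes ProcessEnterpriseCA's contract; its signature and callers are outside the hunk, so confirm every caller tolerates a null result. The enclosing function starts before and continues past this hunk.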