From 49e8c1127fb58c501f8857179c904c03dc83a287 Mon Sep 17 00:00:00 2001
From: Mariusz B <mb@binary-offensive.com>
Date: Sun, 29 Mar 2020 19:32:28 +0200
Subject: [PATCH] Update Handy-BloodHound-Cypher-Queries.md

---
 red-teaming/Handy-BloodHound-Cypher-Queries.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/red-teaming/Handy-BloodHound-Cypher-Queries.md b/red-teaming/Handy-BloodHound-Cypher-Queries.md
index c4a097f..1fc0c62 100644
--- a/red-teaming/Handy-BloodHound-Cypher-Queries.md
+++ b/red-teaming/Handy-BloodHound-Cypher-Queries.md
@@ -37,6 +37,11 @@ MATCH (u:User {hasspn: True}) WHERE NOT u.name starts with 'KRBTGT' RETURN u
 MATCH (A:User),(B:Group),p=shortestPath((A)-[*1..]->(B)) WHERE A.hasspn=true AND B.name STARTS WITH 'DOMAIN ADMINS' RETURN p
 ```
 
+- Finds owned objects that can control other computers:
+```
+MATCH (m {owned: True}), (n), p=(m)-[:CanPSRemote|ExecuteDCOM|CanRDP|SQLAdmin|AdminTo]->(n) RETURN p
+```
+
 - Return users that have PASSWORD_NOT_REQUIRED flag set in their UserAccountControl field (thus they have an empty password set) and are enabled
 ```
 MATCH (n:User {enabled: True, passwordnotreqd: True}) RETURN n