From 8837fa5add6387f8720f67ff7b70e59f39671055 Mon Sep 17 00:00:00 2001
From: mgeeky
Date: Thu, 5 May 2022 13:32:10 +0200
Subject: [PATCH] update
---
 clouds/azure/AzureRT | 2 +-
 file-formats/PackMyPayload | 2 +-
 phishing/decode-spam-headers | 2 +-
 red-teaming/bloodhound/Handy-BloodHound-Cypher-Queries.md | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/clouds/azure/AzureRT b/clouds/azure/AzureRT
index a1f5ba2..9aa8a2a 160000
--- a/clouds/azure/AzureRT
+++ b/clouds/azure/AzureRT
@@ -1 +1 @@
-Subproject commit a1f5ba28880e6470fa3e8a59ba50388272db1839
+Subproject commit 9aa8a2a623077cae13922ba8a9cabe1d17bc5a5c
diff --git a/file-formats/PackMyPayload b/file-formats/PackMyPayload
index 6ce9975..75f6270 160000
--- a/file-formats/PackMyPayload
+++ b/file-formats/PackMyPayload
@@ -1 +1 @@
-Subproject commit 6ce9975ae639ac16b7dce5c6461a066d8988cec8
+Subproject commit 75f6270d0417d749b56c718d0d8ad0003c74d785
diff --git a/phishing/decode-spam-headers b/phishing/decode-spam-headers
index 9bc13da..7d3c3b5 160000
--- a/phishing/decode-spam-headers
+++ b/phishing/decode-spam-headers
@@ -1 +1 @@
-Subproject commit 9bc13dacc3e21ab9774b059f73f8daadfccdebf6
+Subproject commit 7d3c3b5991cb430d6ff9c66c794688d67d5baa75
diff --git a/red-teaming/bloodhound/Handy-BloodHound-Cypher-Queries.md b/red-teaming/bloodhound/Handy-BloodHound-Cypher-Queries.md
index f6153e0..d428c7b 100644
--- a/red-teaming/bloodhound/Handy-BloodHound-Cypher-Queries.md
+++ b/red-teaming/bloodhound/Handy-BloodHound-Cypher-Queries.md
@@ -8,7 +8,7 @@ MATCH (u:User {enabled: true, allowedtodelegate: true}) WHERE toLower(u.name) EN
 MATCH (u:User {enabled: true, unconstraineddelegation: true}) WHERE toLower(u.name) ENDS WITH "contoso.com" RETURN "Enabled Users with Unconstrained Delegation" AS what, count(u) AS number UNION ALL
 MATCH (u:User {enabled: true, admincount: true}) WHERE toLower(u.name) ENDS WITH "contoso.com" RETURN "Enabled Users with Admin Count = 1" AS what, count(u) AS number UNION ALL
 MATCH (u:User {enabled: true, hasspn: True}) WHERE toLower(u.name) ENDS WITH "contoso.com" AND NOT u.name STARTS WITH 'KRBTGT' RETURN "Kerberoastable & Enabled Users" AS what, count(u) AS number UNION ALL
-MATCH (u:User {enabled: false, hasspn: True}) WHERE toLower(u.name) ENDS WITH "contoso.com" AND NOT u.name STARTS WITH 'KRBTGT' RETURN "Kerberoastable Users" AS what, count(u) AS number UNION ALL
+MATCH (u:User {enabled: false, hasspn: True}) WHERE toLower(u.name) ENDS WITH "contoso.com" AND NOT u.name STARTS WITH 'KRBTGT' RETURN "Kerberoastable & Disabled Users" AS what, count(u) AS number UNION ALL
 MATCH (u:User {enabled: true, passwordnotreqd: true}) WHERE toLower(u.name) ENDS WITH "contoso.com" RETURN "Enabled Users with Password Not Required" AS what, count(u) AS number UNION ALL
 MATCH (u:User {enabled: true, pwdneverexpires: true}) WHERE toLower(u.name) ENDS WITH "contoso.com" RETURN "Enabled Users with Password Never Expires" AS what, count(u) AS number UNION ALL
 MATCH (u:User {enabled: true, dontreqpreauth: true}) WHERE toLower(u.name) ENDS WITH "contoso.com" RETURN "Enabled Users with Dont Require Pre-Authentication (ASREP roastable)" AS what, count(u) AS number UNION ALL