Sharphound 2.4.1 declared some users as a group, e.g. the MSOL_ accounts (in Neo4J)
Closed this issue · 1 comments
HerrHozi commented
Hi,
I figured out that some users are declared as a group; these objects also have three labels.
labels(s)[0] = 'Group'
labels(s)[1] = 'User'
labels(s)[2] = 'Base'
instead of
labels(s)[0] = 'User'
labels(s)[1] = 'Base'
Try this in your lab, e.g. with the following query:
match (s) where labels(s)[0] = 'Group' return s.name,s.lastlogontimestamp, labels(s)[0],labels(s)[1],labels(s)[2] order by s.lastlogontimestamp
But BH5 CE shows the object as the correct type.
Is this a bug in SharpHound 2.4.1?
TIA
- Holger
rvazarkar commented
I believe we've fixed this in SpecterOps/BloodHound#741
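To check an existing Neo4j database for the nodes described in the report above without depending on label order, the following query lists every node that carries more than one object-type label. It is an added example, not from the issue or the BloodHound project; the list of type labels and the `objectid` property are assumptions based on the usual BloodHound Active Directory schema, so adjust them to your database.

```cypher
// Added example: find nodes whose label set contains more than one
// object-type label (e.g. both 'Group' and 'User'), regardless of the
// position of each label in labels(s).
// Assumption: these are the type labels present in your graph.
WITH ['User', 'Group', 'Computer', 'OU', 'GPO', 'Domain', 'Container'] AS typeLabels
MATCH (s:Base)
WITH s, [l IN labels(s) WHERE l IN typeLabels] AS kinds
WHERE size(kinds) > 1
RETURN s.name                AS name,
       s.objectid            AS objectid,   // assumption: SID/GUID property
       kinds                 AS conflictingTypes,
       labels(s)             AS allLabels,
       s.lastlogontimestamp  AS lastlogontimestamp
ORDER BY name
```

An empty result means no node in the database carries conflicting type labels.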