Ingest new data #178

Closed
wants to merge 14 commits into from

@0cmenog 0cmenog commented Oct 30, 2023

Description

Motivation and Context

This PR allows visualizing and ingesting, according to GPO precedence, new properties:

Password Policies

  • ClearTextPassword
  • MaximumPasswordAge
  • MinimumPasswordAge
  • MinimumPasswordLength
  • PasswordComplexity
  • PasswordHistorySize

Lockout Policies

  • ForceLogoffWhenHourExpire
  • LockoutBadCount
  • LockoutDuration
  • ResetLockoutCount

SMB Signings

  • EnablesClientSMBSigning
  • EnablesServerSMBSigning
  • RequiresClientSMBSigning
  • RequiresServerSMBSigning

LDAP properties

  • LDAPEnforceChannelBinding
  • RequiresLDAPClientSigning

LM Authentication Level

  • LmCompatibilityLevel

MS Cache

  • CachedLogonsCount

This PR is related to BloodHoundAD/SharpHoundCommon#52, which extracts these new properties.

How Has This Been Tested?

The code has been tested for all the new properties and for the following precedence rules (with combinations):

  • GPO link order
  • Container hierarchy
  • Inheritance blocking
  • Enforced link
  • Nested OU

Screenshots (if appropriate):

Below is an example of some newly extracted properties that are visible under the Object Information tab.
[image]

Types of changes

  • Chore (a change that does not modify the application functionality)
  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • Documentation updates are needed, and have been made accordingly.
  • I have added and/or updated tests to cover my changes.
  • All new and existing tests passed.
  • My changes include a database migration.

@@ -61,7 +61,7 @@ services:
start_period: 30s

bloodhound:
image: docker.io/specterops/bloodhound:${BLOODHOUND_TAG:-latest}
image: docker.io/0cmenog/bloodhound:latest
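
Review bot: the second `image:` line under `bloodhound:` points the service at `docker.io/0cmenog/bloodhound:latest`, a personal registry namespace with a floating `latest` tag, and it loses the `${BLOODHOUND_TAG:-latest}` override that the `docker.io/specterops/bloodhound` line carried. Anyone bringing up this compose file would pull an image from outside the project's namespace with no way to select a tagged release, which reads as a local testing leftover. Restore `image: docker.io/specterops/bloodhound:${BLOODHOUND_TAG:-latest}` and keep the fork image out of the tracked compose file.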

hey there, you should reverse this change

@StephenHinck
Collaborator

Thank you very much for your patience. We've had a lot going on lately and have some process improvements in the works to provide more timely feedback on PRs.

Unfortunately, we need to decline this PR at this time. The scope of this effort extends beyond the primary use cases of identifying and testing Attack Paths. Any time we accept code into the product, maintenance becomes the responsibility of SpecterOps; the additions within do not meet our objectives for the tool at this time, and we cannot accept long-term responsibility for functionality outside of those goals.

With that said, I will share two pieces of good news:

  1. Our research team is pursuing direct coverage of NTLM/SMB relay for incorporation into BloodHound later this year.
  2. We have a long-term project underway that will give folks more flexibility to extend BloodHound in a way that does not put that maintenance impetus on SpecterOps. The net result of this project is that efforts such as this one that provide value to folks outside of SpecterOps' primary use cases will have a more direct path towards extending and maintaining BloodHound on their own and sharing those extensions with others without SpecterOps needing to determine whether that extension is one we'd like to maintain over the long term.

We would still like to recognize the effort put into this PR (and associated SharpHound PR) and would like to send a swag package your way. If you would be interested, please DM me your shipping address, and I'll have our team send one out as a token of our appreciation.

@github-actions github-actions bot locked and limited conversation to collaborators Feb 28, 2024