Include Account Operators group in Tier Zero default #615

Open
6 of 11 tasks
lbrauns opened this issue May 16, 2024 · 1 comment
Labels
enhancement New feature or request ticketed (automation only) Ticket has been created internally for tracking

Comments


lbrauns commented May 16, 2024

Description:

Account Operators are not classified as Tier 0:

image

Component(s) Affected:

  • UI
  • API
  • Neo4j
  • PostgreSQL
  • Data Collector (SharpHound, AzureHound)
  • Other (tooling, documentation, etc.)

Steps to Reproduce:

  1. Go to [specific page or endpoint]
  2. Click on [button/element/etc.]
  3. Enter [input/data]
  4. See error at [this point]

Expected Behavior:

Account Operators are defined as Tier 0 by some cool dudes who created a table: https://specterops.github.io/TierZeroTable/

Actual Behavior:

Account Operators are not classified as Tier 0, producing a LOT of false positives.

Environment Information:

BloodHound: Enterprise v5.9.0 / Community v5.9.0

Contributor Checklist:

  • I have searched the issue tracker to ensure this bug hasn't been reported before or is not already being addressed.
  • I have provided clear steps to reproduce the issue.
  • I have included relevant environment information details.
  • I have attached necessary supporting documents.
  • I have checked that any JSON files I am attempting to upload to BloodHound are valid.

lbrauns added the "bug" (Something isn't working) and "triage" (This issue requires triaging) labels May 16, 2024

StephenHinck added the "enhancement" (New feature or request) label and removed the "bug" (Something isn't working) and "triage" (This issue requires triaging) labels May 17, 2024

lbrauns changed the title from "Account Operators Are Not Classified Tier 0" to "Missing Classification of Known Tier 0 Principals" May 21, 2024


lbrauns commented May 21, 2024

Just noticed, the KRBTGT account is not added to Tier 0? I am pretty confident that is Tier 0 :)

image

slokie-so added the "ticketed (automation only)" (Ticket has been created internally for tracking) label and removed the "ticketed (automation only)" (Ticket has been created internally for tracking) label May 24, 2024

StephenHinck changed the title from "Missing Classification of Known Tier 0 Principals" to "Include Account Operators group in Tier Zero default" Aug 6, 2024