Skip to content
This repository has been archived by the owner on Sep 2, 2022. It is now read-only.

Fix GPO collection collecting versioning GPO when GPA is used #65

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Fix GPO collection collecting versioning GPO when GPA is used #65

wants to merge 1 commit into from

Conversation

Crypt0-M3lon
Copy link
Contributor

My compagny use Group Policy Admin (https://www.microfocus.com/en-us/products/netiq-group-policy-administrator/overview) to manage GPO.
When collecting GPO, versionned GPO managed by GPA are collected, leading the the collect of 4 Default Domain Policy and wrong/false positive attack paths.
The main différence between a versionned GPO and an GPO is the presence of the Flags attributes in the Group Policy Object.
The patch just add a check for the flags attribute existence in LDAP queries to ignore versionned GPO.

@rvazarkar
Copy link
Contributor

Interesting, I dont think I've run into this before, going to take a look and make sure everything works properly before merging

@Crypt0-M3lon
Copy link
Contributor Author

Yep sure, ping me on slack if you need further information.

rvazarkar referenced this pull request in BloodHoundAD/SharpHound3 Nov 7, 2019
@rvazarkar
Filter GPA managed GPOs
3d353f2 
Fix based on PR from @Crypt0-M3lon
BloodHoundAD/SharpHound#65
@rvazarkar rvazarkar mentioned this pull request Nov 22, 2021
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Crypt0-M3lon @rvazarkar