analyze

package
v0.0.0-...-f1573f2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 20, 2024 License: AGPL-3.0 Imports: 14 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

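// Attribute, edge and object-type registrations for the local-machine
// analyzer. Every value is created through the engine package when this
// package is initialised. Declaration order is left untouched because the
// engine may assign identifiers in registration order (not visible here).
//
// Every probability calculator in this block returns a fixed value and
// ignores both endpoints, so a weight cannot reflect host-specific
// conditions; treat the numbers as coarse priorities.
// NOTE(review): the values used (0-80) look like percentages — confirm
// against engine.Probability.
var (
	// Attribute names registered with the engine.
	LocalMachineSID         = engine.NewAttribute("localMachineSID")
	LocalMachineSIDOriginal = engine.NewAttribute("localMachineSIDOriginal")
	AbsolutePath            = engine.NewAttribute("absolutePath")
	ShareType               = engine.NewAttribute("shareType")
	ServiceStart            = engine.NewAttribute("serviceStart")
	ServiceType             = engine.NewAttribute("serviceType")

	// Access-right edges, all tagged "Granted". AdminRights registers no
	// calculator of its own.
	EdgeLocalAdminRights = engine.NewEdge("AdminRights").Tag("Granted")

	// RDPRights is weighted with a constant 30; neither endpoint is consulted.
	// NOTE(review): if a floor of 30 over a per-object score was intended,
	// that scoring is not implemented here.
	EdgeLocalRDPRights = engine.NewEdge("RDPRights").
		RegisterProbabilityCalculator(func(_, _ *engine.Object) engine.Probability {
			return 30
		}).
		Tag("Granted").
		Tag("Pivot")
	EdgeLocalDCOMRights = engine.NewEdge("DCOMRights").
		RegisterProbabilityCalculator(func(_, _ *engine.Object) engine.Probability {
			return 50
		}).
		Tag("Granted")
	EdgeLocalSMSAdmins = engine.NewEdge("SMSAdmins").
		RegisterProbabilityCalculator(func(_, _ *engine.Object) engine.Probability {
			return 50
		}).
		Tag("Granted")

	// Session edges: the more recent the window named by the edge, the higher
	// the fixed weight (80 / 55 / 30).
	EdgeLocalSessionLastDay = engine.NewEdge("SessionLastDay").
		RegisterProbabilityCalculator(func(_, _ *engine.Object) engine.Probability {
			return 80
		}).
		Tag("Pivot")
	EdgeLocalSessionLastWeek = engine.NewEdge("SessionLastWeek").
		RegisterProbabilityCalculator(func(_, _ *engine.Object) engine.Probability {
			return 55
		}).
		Tag("Pivot")
	EdgeLocalSessionLastMonth = engine.NewEdge("SessionLastMonth").
		RegisterProbabilityCalculator(func(_, _ *engine.Object) engine.Probability {
			return 30
		}).
		Tag("Pivot")

	// Stored-credential edges, tagged "Pivot" with no calculator registered.
	EdgeHasServiceAccountCredentials = engine.NewEdge("SvcAccntCreds").Tag("Pivot")
	EdgeHasAutoAdminLogonCredentials = engine.NewEdge("AutoAdminLogonCreds").Tag("Pivot")

	// Execution, membership, file, share and registry edges. None of these is
	// tagged or weighted here; only Shares carries a description.
	EdgeRunsExecutable      = engine.NewEdge("RunsExecutable")
	EdgeHosts               = engine.NewEdge("Hosts")
	EdgeExecuted            = engine.NewEdge("Executed")
	EdgeMemberOfGroup       = engine.NewEdge("MemberOfGroup")
	EdgeFileWrite           = engine.NewEdge("FileWrite")
	EdgeFileRead            = engine.NewEdge("FileRead")
	EdgeShares              = engine.NewEdge("Shares").Describe("Machine offers a file share")
	EdgeRegistryOwns        = engine.NewEdge("RegistryOwns")
	EdgeRegistryWrite       = engine.NewEdge("RegistryWrite")
	EdgeRegistryModifyDACL  = engine.NewEdge("RegistryModifyDACL")
	EdgeRegistryModifyOwner = engine.NewEdge("RegistryModifyOwner")

	// Edges named after Windows privileges. These three carry no tag.
	// NOTE(review): SeTakeOwnershipPrivilege here and SeTakeOwnership below
	// are two distinct edges with different tagging; confirm both are
	// intended, since a query filtering on the "Pivot" tag would presumably
	// include only the latter.
	EdgeSeBackupPrivilege        = engine.NewEdge("SeBackupPrivilege")
	EdgeSeRestorePrivilege       = engine.NewEdge("SeRestorePrivilege")
	EdgeSeTakeOwnershipPrivilege = engine.NewEdge("SeTakeOwnershipPrivilege")

	// Privilege edges tagged "Pivot". Only SeImpersonate registers a
	// calculator (constant 20).
	EdgeSeAssignPrimaryToken = engine.NewEdge("SeAssignPrimaryToken").Tag("Pivot")
	EdgeSeCreateToken        = engine.NewEdge("SeCreateToken").Tag("Pivot")
	EdgeSeDebug              = engine.NewEdge("SeDebug").Tag("Pivot")
	EdgeSeImpersonate        = engine.NewEdge("SeImpersonate").
		RegisterProbabilityCalculator(func(_, _ *engine.Object) engine.Probability {
			return 20
		}).
		Tag("Pivot")
	EdgeSeLoadDriver           = engine.NewEdge("SeLoadDriver").Tag("Pivot")
	EdgeSeManageVolume         = engine.NewEdge("SeManageVolume").Tag("Pivot")
	EdgeSeTakeOwnership        = engine.NewEdge("SeTakeOwnership").Tag("Pivot")
	EdgeSeTrustedCredManAccess = engine.NewEdge("SeTrustedCredManAccess").Tag("Pivot")
	EdgeSeTcb                  = engine.NewEdge("SeTcb").Tag("Pivot")

	// SeNetworkLogonRight is untagged and weighted with a constant 10.
	EdgeSeNetworkLogonRight = engine.NewEdge("SeNetworkLogonRight").
		RegisterProbabilityCalculator(func(_, _ *engine.Object) engine.Probability {
			return 10
		})

	// SIDCollision is tagged "Informative" and always scores 0.
	EdgeSIDCollision = engine.NewEdge("SIDCollision").
		Tag("Informative").
		RegisterProbabilityCalculator(func(_, _ *engine.Object) engine.Probability {
			return 0
		})

	// Host naming and update-infrastructure registrations.
	DNSHostname         = engine.NewAttribute("dnsHostName")
	EdgeControlsUpdates = engine.NewEdge("ControlsUpdates").Tag("Affects")
	WUServer            = engine.NewAttribute("wuServer")
	SCCMServer          = engine.NewAttribute("sccmServer")

	EdgePublishes = engine.NewEdge("Publishes").Tag("Informative")

	// ObjectTypeShare is registered with "Share" for both arguments.
	ObjectTypeShare = engine.NewObjectType("Share", "Share")
)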

Functions

func ImportCollectorInfo

func ImportCollectorInfo(ao *engine.Objects, cinfo localmachine.Info) (*engine.Object, error)

Returns the computer object

func LinkSCCM

func LinkSCCM(ao *engine.Objects)

func MapSID

func MapSID(original, new, input windowssecurity.SID) windowssecurity.SID

Types

type LocalMachineLoader

type LocalMachineLoader struct {
	// contains filtered or unexported fields
}

func (*LocalMachineLoader) Close

func (ld *LocalMachineLoader) Close() ([]*engine.Objects, error)

func (*LocalMachineLoader) Estimate

func (*LocalMachineLoader) Init

func (ld *LocalMachineLoader) Init() error

func (*LocalMachineLoader) Load

func (*LocalMachineLoader) Name

func (ld *LocalMachineLoader) Name() string

type RelativeLocation

// RelativeLocation is a one-byte enumeration with the three values below.
// NOTE(review): presumably it selects whether something is resolved against
// the local machine or the domain, with Auto as the zero value — confirm
// against the callers, which are not shown on this page.
type RelativeLocation byte

// Values of RelativeLocation, numbered 0, 1 and 2 in declaration order.
const (
	Auto   RelativeLocation = 0
	Local  RelativeLocation = 1
	Domain RelativeLocation = 2
)
