BloodHound Cypher queries
User logon sessions
MATCH c=(C:Computer)-[r2:HasSession*1]-(U:User) WHERE U.name =~ ".*" return c
list all computers
MATCH (m:Computer) RETURN m
list all users
MATCH (u:User) RETURN u
list all groups
MATCH (g:Group) RETURN g LIMIT 10
list all GPOs
MATCH (g:GPO) RETURN g LIMIT 20
Unconstrained delegation
MATCH (c {unconstraineddelegation:true}) return c
Constrained delegation
MATCH p=(u)-[:AllowedToDelegate]->(c) RETURN p
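RBCD (resource-based constrained delegation)
// Excludes default privileged principals by RID: Domain Admins (-512), Enterprise Admins (-519), Administrators (-544), Account Operators (-548)
MATCH q=(u)-[:GenericWrite|GenericAll|WriteDacl|WriteOwner|Owns|WriteAccountRestrictions|AllowedToAct]->(:Computer)
WHERE NOT u.objectid ENDS WITH "-512"
  AND NOT u.objectid ENDS WITH "-519"
  AND NOT u.objectid ENDS WITH "-544"
  AND NOT u.objectid ENDS WITH "-548"
RETURN q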