Merge pull request #81 from BloodHoundAD/BED-3895

Add IsACLProtected to property bags for ingest
SpecterOps · Dec 4, 2023 · 8fb1b84 · 8fb1b84
2 parents 76fb763 + 3a4674f
commit 8fb1b84
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/src/Runtime/ObjectProcessors.cs b/src/Runtime/ObjectProcessors.cs
@@ -117,6 +117,7 @@ private async Task<User> ProcessUserObject(ISearchResultEntry entry,
                 var gmsa = entry.GetByteProperty(LDAPProperties.GroupMSAMembership);
                 ret.Aces = aces.Concat(_aclProcessor.ProcessGMSAReaders(gmsa, resolvedSearchResult.Domain)).ToArray();
                 ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
+                ret.Properties.Add("isaclprotected", ret.IsACLProtected);
             }
 
             if ((_methods & ResolvedCollectionMethod.Group) != 0)
@@ -181,6 +182,7 @@ private async Task<Computer> ProcessComputerObject(ISearchResultEntry entry,
             {
                 ret.Aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry).ToArray();
                 ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
+                ret.Properties.Add("isaclprotected", ret.IsACLProtected);
             }
 
             if ((_methods & ResolvedCollectionMethod.Group) != 0)
@@ -327,6 +329,7 @@ private Group ProcessGroupObject(ISearchResultEntry entry,
             {
                 ret.Aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry).ToArray();
                 ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
+                ret.Properties.Add("isaclprotected", ret.IsACLProtected);
             }
 
             if ((_methods & ResolvedCollectionMethod.Group) != 0)
@@ -395,6 +398,7 @@ private async Task<Domain> ProcessDomainObject(ISearchResultEntry entry,
             {
                 ret.Aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry).ToArray();
                 ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
+                ret.Properties.Add("isaclprotected", ret.IsACLProtected);
             }
 
             if ((_methods & ResolvedCollectionMethod.Trusts) != 0)
@@ -442,6 +446,7 @@ private GPO ProcessGPOObject(ISearchResultEntry entry,
             {
                 ret.Aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry).ToArray();
                 ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
+                ret.Properties.Add("isaclprotected", ret.IsACLProtected);
             }
 
             if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0)
@@ -475,6 +480,7 @@ private async Task<OU> ProcessOUObject(ISearchResultEntry entry,
             {
                 ret.Aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry).ToArray();
                 ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
+                ret.Properties.Add("isaclprotected", ret.IsACLProtected);
             }
 
             if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0)
@@ -526,6 +532,7 @@ private Container ProcessContainerObject(ISearchResultEntry entry,
                 ret.Aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry)
                     .ToArray();
                 ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
+                ret.Properties.Add("isaclprotected", ret.IsACLProtected);
             }
 
             if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0)
@@ -559,6 +566,7 @@ private async Task<RootCA> ProcessRootCA(ISearchResultEntry entry, ResolvedSearc
             {
                 ret.Aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry).ToArray();
                 ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
+                ret.Properties.Add("isaclprotected", ret.IsACLProtected);
             }
 
             if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0)
@@ -591,6 +599,7 @@ private async Task<AIACA> ProcessAIACA(ISearchResultEntry entry, ResolvedSearchR
             {
                 ret.Aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry).ToArray();
                 ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
+                ret.Properties.Add("isaclprotected", ret.IsACLProtected);
             }
 
             if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0)
@@ -623,6 +632,7 @@ private async Task<EnterpriseCA> ProcessEnterpriseCA(ISearchResultEntry entry, R
             {
                 ret.Aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry).ToArray();
                 ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
+                ret.Properties.Add("isaclprotected", ret.IsACLProtected);
             }
 
             if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0)
@@ -689,6 +699,7 @@ private async Task<NTAuthStore> ProcessNTAuthStore(ISearchResultEntry entry, Res
             {
                 ret.Aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry).ToArray();
                 ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
+                ret.Properties.Add("isaclprotected", ret.IsACLProtected);
             }
 
             if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0)
@@ -728,6 +739,7 @@ private async Task<CertTemplate> ProcessCertTemplate(ISearchResultEntry entry, R
             {
                 ret.Aces = _aclProcessor.ProcessACL(resolvedSearchResult, entry).ToArray();
                 ret.IsACLProtected = _aclProcessor.IsACLProtected(entry);
+                ret.Properties.Add("isaclprotected", ret.IsACLProtected);
             }
 
             if ((_methods & ResolvedCollectionMethod.ObjectProps) != 0)