You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This node/relationship is captured, so AzureHound is able to identify nodes with the Policy.ReadWrite.ConditionalAccess permission
However, this query fails to return any results when it has clearly been captured by the utility.
MATCH (n:AZServicePrincipal)
WHERE n.approleid = "01c0a623-fc9b-48e9-b794-0756f8e8f067" OR n.approleid = "ad902697-1014-4ef5-81ef-2b4301988e8c"
RETURN n
It would immensely beneficial to be able to return nodes that have these properties, even if they do not currently map attack paths (CA Policies are not captured via AzureHound) to other nodes as this would allow users to identify potential targets to investigate.
The text was updated successfully, but these errors were encountered:
When parsing through the json output, certain properties are captured that cannot be queried via BloodHound or the neo4j consoles.
For example:
{ "kind": "AZAppRoleAssignment", "data": { "appRoleId": "01c0a623-fc9b-48e9-b794-0756f8e8f067", "createdDateTime": "2022-08-12T14:11:25.0841466Z", "id": "1cBV4_REDACTED", "principalDisplayName": "Postman", "principalId": "e355c0d5-REDACTED-f91bb0c16323", "principalType": "ServicePrincipal", "resourceDisplayName": "Microsoft Graph", "resourceId": "129f86f8-REDACTED-554be743f9b9", "appId": "00000003-0000-0000-c000-000000000000", "tenantId": "REDACTED" } }This node/relationship is captured, so AzureHound is able to identify nodes with the
Policy.ReadWrite.ConditionalAccesspermissionHowever, this query fails to return any results when it has clearly been captured by the utility.
It would immensely beneficial to be able to return nodes that have these properties, even if they do not currently map attack paths (CA Policies are not captured via AzureHound) to other nodes as this would allow users to identify potential targets to investigate.
The text was updated successfully, but these errors were encountered: