From 06416d5604f224f807ed156e2615552730964de6 Mon Sep 17 00:00:00 2001
From: Lars Karlslund
Date: Mon, 8 Jan 2024 08:31:52 +0100
Subject: [PATCH] Added SeMachineAccountPrivilege to localmachine ingestor, but no edges yet
---
 modules/integrations/localmachine/analyze/import.go | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/modules/integrations/localmachine/analyze/import.go b/modules/integrations/localmachine/analyze/import.go
index 1f252fe..7051f0c 100644
--- a/modules/integrations/localmachine/analyze/import.go
+++ b/modules/integrations/localmachine/analyze/import.go
@@ -219,6 +219,10 @@ func ImportCollectorInfo(ao *engine.Objects, cinfo localmachine.Info) (*engine.O
 pwn = EdgeSeTakeOwnership
 case "SeTrustedCredManAccess":
 pwn = EdgeSeTrustedCredManAccess
+ case "SeMachineAccountPrivilege":
+ // Join machine to domain
+
+ // pwn = EdgeSeMachineAccount
 case "SeTcbPrivilege":
 pwn = EdgeSeTcb
 case "SeIncreaseQuotaPrivilege", "SeSystemProfilePrivilege", "SeSecurityPrivilege", "SeSystemtimePrivilege", "SeProfileSingleProcessPrivilege", "SeIncreaseBasePriorityPrivilege", "SeCreatePagefilePrivilege", "SeShutdownPrivilege", "SeAuditPrivilege", "SeSystemEnvironmentPrivilege", "SeChangeNotifyPrivilege", "SeRemoteShutdownPrivilege", "SeUndockPrivilege", "SeCreateGlobalPrivilege", "SeIncreaseWorkingSetPrivilege", "SeTimeZonePrivilege", "SeCreateSymbolicLinkPrivilege", "SeInteractiveLogonRight", "SeDenyInteractiveLogonRight", "SeDenyRemoteInteractiveLogonRight", "SeBatchLogonRight", "SeServiceLogonRight", "SeDelegateSessionUserImpersonatePrivilege", "SeLockMemoryPrivilege", "SeDenyNetworkLogonRight", "SeTrustedCredManAccessPrivilege", "SeDenyBatchLogonRight", "SeDenyServiceLogonRight", "SeRelabelPrivilege":
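Review bot: The new `case "SeMachineAccountPrivilege":` branch leaves `pwn` unassigned, and because Go cases do not fall through, the code after the switch runs with whatever `pwn` held before: the zero value, or a value from an earlier privilege if it is declared outside the loop. The rest of ImportCollectorInfo lies outside the hunk, so this needs checking against what follows the switch. If the ignored-privilege case below skips the iteration, this branch should do the same explicitly, for example with `continue`, until the edge exists. I would also replace the blank line and the commented-out assignment with a single comment such as `// TODO: add EdgeSeMachineAccount; "Add workstations to domain" takes effect only when assigned on a domain controller`, so the eventual edge is scoped to domain controllers rather than to every collected machine.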