Sneed-Reactivity/yara-mikesxrs/AirBnB/hacktool_multi_bloodhound_owned.yara

21 lines
1.1 KiB
Text
Raw Normal View History

rule hacktool_multi_bloodhound_owned
{
meta:
description = "Bloodhound: Custom queries to document a compromise, find collateral spread of owned nodes, and visualize deltas in privilege gains"
reference = "https://github.com/porterhau5/BloodHound-Owned/"
author = "@fusionrace"
strings:
$s1 = "Find all owned Domain Admins" fullword ascii wide
$s2 = "Find Shortest Path from owned node to Domain Admins" fullword ascii wide
$s3 = "List all directly owned nodes" fullword ascii wide
$s4 = "Set owned and wave properties for a node" fullword ascii wide
$s5 = "Find spread of compromise for owned nodes in wave" fullword ascii wide
$s6 = "Show clusters of password reuse" fullword ascii wide
$s7 = "Something went wrong when creating SharesPasswordWith relationship" fullword ascii wide
$s8 = "reference doc of custom Cypher queries for BloodHound" fullword ascii wide
$s9 = "Created SharesPasswordWith relationship between" fullword ascii wide
$s10 = "Skipping finding spread of compromise due to" fullword ascii wide
condition:
any of them
}