BadBlood, but worse because it’s my own implementation.

Why? I have no clue. I literally just felt like making BadBlood, but my own shitty implementation.

Currently single-domain only.

And here is a script to install an ELK stack on Ubuntu (also because why not?):

elk.sh

Automated Vulnerable ACLs

The core of this project.

AdminSDHolder

By default, members of the protected groups (Domain Admins, Enterprise Admins, Schema Admins, Administrators, Account/Server/Backup/Print Operators, krbtgt, and a few others) get adminCount=1 and have their ACL overwritten by the SDProp process (every 60 minutes by default) to match the ACL on CN=AdminSDHolder,CN=System,<domain DN>. Note that AdminSDHolder is a container object under System, not an OU. We want to get rid of this because we want our improper ACLs to apply to some privileged groups, and SDProp would otherwise silently revert them. We can find all objects that this applies to via

# server-side LDAP filter instead of pulling every object and filtering client-side
Get-ADObject -LDAPFilter '(adminCount=1)' -Properties adminCount | Select-Object Name, DistinguishedName, adminCount

Then run this on each object to remove the protection:

get-adobject -identity 
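Worked version of the AdminSDHolder step, as an added example rather than the project's own code. It lists protected objects with the server-side filter, then clears adminCount and re-enables ACL inheritance on one target. The DN and the function names are placeholders for a lab domain; it needs the ActiveDirectory RSAT module and Domain Admin rights.

```powershell
# Added example, not part of the original repo. $TargetDn is a placeholder.
Import-Module ActiveDirectory

# 1. Enumerate everything SDProp currently stamps (adminCount=1).
function Get-ProtectedAdObjects {
    Get-ADObject -LDAPFilter '(adminCount=1)' -Properties adminCount, objectClass |
        Select-Object Name, objectClass, DistinguishedName
}

# 2. Strip protection from one object: clear adminCount, then turn inheritance
#    back on so ACEs from the parent OU (including the bad ones we add) apply.
function Remove-AdminSDHolderProtection {
    param([Parameter(Mandatory)][string]$TargetDn)

    Set-ADObject -Identity $TargetDn -Clear adminCount

    $acl = Get-Acl -Path "AD:\$TargetDn"
    # SetAccessRuleProtection(isProtected, preserveInheritance):
    # $false = stop blocking inheritance, $true = keep existing explicit ACEs.
    $acl.SetAccessRuleProtection($false, $true)
    Set-Acl -Path "AD:\$TargetDn" -AclObject $acl
}

Get-ProtectedAdObjects | Format-Table -AutoSize
# Remove-AdminSDHolderProtection -TargetDn 'CN=Helpdesk,OU=Groups,DC=lab,DC=local'
```

Caveat: this only sticks for objects that are no longer members of a protected group. Anything still in Domain Admins etc. gets re-stamped on the next SDProp run (60 minutes by default), so for those the durable option is to put the intended ACEs on CN=AdminSDHolder,CN=System,<domain DN> itself, which SDProp then copies to every protected object.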

Basic Rights

https://learn.microsoft.com/en-us/dotnet/api/system.directoryservices.activedirectoryaccessrule?view=windowsdesktop-7.0 documents the ActiveDirectoryAccessRule class; the basic rights themselves are the ActiveDirectoryRights enum (GenericAll, GenericWrite, WriteDacl, WriteOwner, WriteProperty, ExtendedRight, Self, and so on). A snippet is provided.

The basic rights are set by building an object of type ActiveDirectoryAccessRule and adding it to the target's ACL. The constructor overload used here looks like this (same signature from PowerShell via New-Object or ::new):


ActiveDirectoryAccessRule(IdentityReference, ActiveDirectoryRights, AccessControlType, ActiveDirectorySecurityInheritance)
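Added example (not the project's own code) showing that constructor in use: a helper that gives a low-privilege principal a chosen right over a target object, which is the kind of misconfiguration the project automates, plus a check that the ACE landed. Function names, the sAMAccountName and the DN are placeholders for a lab domain.

```powershell
# Added example, not from the original repo. Names/DNs are placeholders.
Import-Module ActiveDirectory

function Add-VulnerableAce {
    param(
        [Parameter(Mandatory)][string]$TargetDn,      # object that receives the bad ACE
        [Parameter(Mandatory)][string]$PrincipalSam,  # user/group that gets the right
        [System.DirectoryServices.ActiveDirectoryRights]$Rights = 'GenericAll'
    )

    # Resolve the principal to a SID; the constructor wants an IdentityReference.
    $sid = (Get-ADObject -LDAPFilter "(sAMAccountName=$PrincipalSam)" -Properties objectSid).objectSid
    $identity = [System.Security.Principal.SecurityIdentifier]$sid

    # Overload from the page:
    # (IdentityReference, ActiveDirectoryRights, AccessControlType, ActiveDirectorySecurityInheritance)
    $ace = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
        $identity,
        $Rights,
        [System.Security.AccessControl.AccessControlType]::Allow,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::None
    )

    $acl = Get-Acl -Path "AD:\$TargetDn"
    $acl.AddAccessRule($ace)
    Set-Acl -Path "AD:\$TargetDn" -AclObject $acl
}

# Read back the DACL so you can confirm the edge exists before pointing BloodHound at it.
function Get-AceForPrincipal {
    param([string]$TargetDn, [string]$PrincipalSam)
    (Get-Acl -Path "AD:\$TargetDn").Access |
        Where-Object { $_.IdentityReference -like "*\$PrincipalSam" } |
        Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType, IsInherited
}

Add-VulnerableAce -TargetDn 'CN=Helpdesk,OU=Groups,DC=lab,DC=local' -PrincipalSam 'jdoe' -Rights 'GenericAll'
Get-AceForPrincipal -TargetDn 'CN=Helpdesk,OU=Groups,DC=lab,DC=local' -PrincipalSam 'jdoe'
```

$Rights accepts a comma-separated set too ('WriteDacl, WriteOwner'), since ActiveDirectoryRights is a flags enum. The four-argument overload covers rights that apply to the whole object; the overloads that take an additional objectType Guid are what you need for property-specific WriteProperty or ExtendedRight ACEs.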