Bug fix
- User hunting:
  - The hunting function now recurses on the target group, in order to get
    every target user
  - The hunting function throws an exception if no target computers are found
    to hunt against
  - There's a fix for foreign user hunting
- We now try to pretty-print AD objects (encoding of binary attributes, better
printing of lists, truncation of overly long attributes, etc.). This is still
a work in progress.
- We separate the creation of WMI connections and RPC connections (you can
create an RPC connection with an unprivileged user, but not a WMI connection)
- We try to manage RPC objects' attributes' encoding in a better way (see 21)
- `get-netgroup` now recursively lists every group the queried user is a member of

Features
- `get-netprocess`: queries a computer for its list of running processes
(requires admin privileges)
- `invoke-processhunter`: searches machines for specific running processes
- `get-userevent`: queries a computer for its list of user events (logon,
Kerberos TGT) (requires admin privileges). _NB_: very slow for now, since
we can only query events one by one using WMI.
- `invoke-eventhunter`: searches machines for specific user events
- `get-gpttmpl`: parses a `GptTmpl.inf` policy file
- `get-domainpolicy`: gets the default domain or DC policy
- `get-netgpogroup`: finds every GPO in the domain that sets `Restricted Groups`
or `Groups.xml`
- `find-gpocomputeradmin`: finds every GPO-defined admin on a particular
machine or OU
- `find-gpolocation`: finds every machine a user has administrative access to
via GPO