Skip to content

Public release#8

Merged
danti1988 merged 7 commits into
mainfrom
public-release
May 23, 2026
Merged

Public release#8
danti1988 merged 7 commits into
mainfrom
public-release

Conversation

@danti1988

Copy link
Copy Markdown
Member

No description provided.

danti1988 added 7 commits May 22, 2026 16:29
bad_successor and tier0_session_exposure each wrapped their whole body —
including the Neo4j query — in a catch-all except that returned empty, so a
Cypher error or schema drift was indistinguishable from "no findings". The
framework manager already records check exceptions to diagnostics, so removing
the swallow surfaces failures loudly instead of silently.
…cipals

The check flagged only 5 well-known groups (CRITICAL_GROUPS_BY_SID) and
scanned OUs only; DANGEROUS_PERMISSIONS held 6 entries the query could
never emit. Per the BadSuccessor research, any enabled non-Tier-0
principal with full control of an OU or container is exploitable.

- neo4j_data: widen the query to OU or Container, drop disabled principals
- bad_successor: remove the dead DANGEROUS_PERMISSIONS set and the
  CRITICAL_GROUPS_BY_SID post-filter; emit a finding per returned row
- fixture/test: cover a Container and a non-well-known principal; assert
  disabled and Tier-0 principals are excluded
@danti1988
danti1988 merged commit cc3f16f into main May 23, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant