locked
Get All users/groups with sensitive tag RRS feed

  • Question

  • Hi,

    How could I dump the list of the users/groups who has sensitive privileges. is there any column on the mongodb that I can query

    Thank You,

    Ali 

    Tuesday, July 18, 2017 10:18 AM

Answers

  • You can try this:

    mongo ATA --eval " db.UniqueEntity.find({'IsSensitive' : true}, {'DistinguishedName': 1}) "

    Note: this will work for current version, might not work for others, the DB is often changed,
    and is not designed officially for customer custom queries.

    • Marked as answer by 0xPwntester Tuesday, July 25, 2017 2:14 PM
    Tuesday, July 18, 2017 10:57 AM

All replies

  • You can try this:

    mongo ATA --eval " db.UniqueEntity.find({'IsSensitive' : true}, {'DistinguishedName': 1}) "

    Note: this will work for current version, might not work for others, the DB is often changed,
    and is not designed officially for customer custom queries.

    • Marked as answer by 0xPwntester Tuesday, July 25, 2017 2:14 PM
    Tuesday, July 18, 2017 10:57 AM
  • Hello Team,

    When i am  checking the ata  report.

    I found sensitive  users and senstive computer.

    what is the difference between the sensitive user and normal user.

    how to identify the deferences. ?

    Monday, August 21, 2017 5:58 PM
  • See this:

    https://docs.microsoft.com/en-us/advanced-threat-analytics/ata-technical-faq#why-are-certain-accounts-considered-sensitive

    Monday, August 21, 2017 6:12 PM