Question (Feature Request)

[enj5oy]

Hi, i use function NetSessionEnum on remote computer, or i enum Local Groups in remote computer how i can upload this info to bloodhound, any idea how i can parse this with bofhound?

[Tw1sm]

This is something we've talked about implementing before, but have not attempted or tested. Potentially could parse data from the CS-Situational-Awareness-BOF collection's netloggedon and netsession BOFs.

At a minimum this would require

• additional parsing logic (BOF output won't match the currently expected ldapsearch output format)
• additional processing logic (session/logged on results will have to get tied back to a computer object queried from LDAP)
• slight tweak to output JSON to include the new relationships

[Tw1sm]

This was added in #4 and the corresponding BOFs that can be parsed by BOFHound can be found in this PR to the CS-Situational-Awareness-BOF repo

[Tw1sm]

Some additional info on how to actually perform these actions can be found here https://posts.specterops.io/bofhound-session-integration-7b88b6f18423