Add Secondary localgroup/session BOFs Supported by BOFHound

[Tw1sm]

External tool BOFHound (now here) has supported parsing ldapsearch results out of C2 logs to produce JSON for BloodHound. This PR adds several secondary versions of existing BOFs that allow parsing of session data and local group memberships from log files. This allows for BloodHound's HasSession, AdminTo and other edges that rely on local group data.

This PR includes secondary versions of the following BOFs (mostly modified for ease of output parsing, but there are some other modifications such as structures returned by API calls):

• netsession2
• netloggedon2
• netLocalGroupListMember2

One "new" BOF to pull sessions from the registry:

• regsession

I opted for separate secondary BOFs since the changes aren't really upgrades/bugfixes for the original BOFs, and in some cases might clutter the output with data some users don't care for. With that said, if you'd like these changes merged into the original BOFs, I can make the necessary edits. Conversely, if you don't want to accept this PR, I am happy to move these BOFs to their own dedicated repo.

Additional details here: https://posts.specterops.io/bofhound-session-integration-7b88b6f18423

[freefirex]

Thanks for the pull request!

I found a few items I would like addressed in get-netsession2. Everything else looks good to me 👍

[freefirex]

the value of base is passed by value. This free will never get hit and the value returned in the query_domain call will get leaked. The free for this value needs to be in query_domain

[Tw1sm]

I think I fixed this one, moving the call up to query_domain

[Tw1sm]

@freefirex thank you for providing recommended fixes for the issues - huge help. I think I've made the changes as requested, but if any issues are still lingering, please let me know and I'll take another pass

[freefirex]

Merged, thanks again!