-
Notifications
You must be signed in to change notification settings - Fork 55
Expand file tree
/
Copy pathCollectionMethod.cs
More file actions
43 lines (40 loc) · 1.53 KB
/
CollectionMethod.cs
File metadata and controls
43 lines (40 loc) · 1.53 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
using System;
namespace SharpHoundCommonLib.Enums {
[Flags]
public enum CollectionMethod {
None = 0,
Group = 1,
LocalAdmin = 1 << 1,
GPOLocalGroup = 1 << 2,
Session = 1 << 3,
LoggedOn = 1 << 4,
Trusts = 1 << 5,
ACL = 1 << 6,
Container = 1 << 7,
RDP = 1 << 8,
ObjectProps = 1 << 9,
SessionLoop = 1 << 10,
LoggedOnLoop = 1 << 11,
DCOM = 1 << 12,
SPNTargets = 1 << 13,
PSRemote = 1 << 14,
UserRights = 1 << 15,
CARegistry = 1 << 16,
DCRegistry = 1 << 17,
CertServices = 1 << 18,
LdapServices = 1 << 19,
WebClientService = 1 << 21,
SmbInfo = 1 << 22,
NTLMRegistry = 1 << 23,
GPOUserRights = 1 << 24,
//TODO: Re-introduce this when we're ready for Event Log collection
//EventLogs = 1 << 23,
LocalGroups = DCOM | RDP | LocalAdmin | PSRemote,
ComputerOnly = LocalGroups | Session | UserRights | CARegistry | DCRegistry | WebClientService | SmbInfo | NTLMRegistry,
DCOnly = ACL | Container | Group | ObjectProps | Trusts | GPOLocalGroup | GPOUserRights | CertServices,
Default = Group | Session | Trusts | ACL | ObjectProps | LocalGroups | SPNTargets | Container | CertServices |
LdapServices | SmbInfo | WebClientService,
All = Default | LoggedOn | GPOLocalGroup | GPOUserRights | UserRights | CARegistry | DCRegistry | WebClientService |
LdapServices | NTLMRegistry
}
}