BED-5310 Consistent Kerberoastable exclusions (#1081)
* bloodhound.Dockerfile needs to point to SpecterOps org to find *hound releases (#1057)

* bloodhound.Dockerfile should point to SpecterOps org to find *hound releases

* fix: update additional references to BloodHoundAD

---------

Co-authored-by: Reuben Lifshay <[email protected]>

* fix: include all asset files in static assets embedfs (#1060)

* BED-5218 chore: add better logging to oidc callback handlers (#1061)

* feat: update SharpHound to v2.5.13 (#1063)

* BED-4624 fix: missing error handling during sso login (#1062)

* fix: BED-5288 - reorder graph schema assertions and update migration information on every application version bump (#1064)

* BED-5060: fix ui (#1069)

* BED-5304 Fix pre-saved queries with coalesce for proper type-checking (#1074)

* BED-5036 implement post processing for CoerceAndRelayNTLMToSMB (#1015)

* BED-5036 implement post processing for CoerceAndRelayNTLMToSMB

* Kpom/bed 4907/cypher shortcut helpers (#1034)

* Use AZ/AD pathfinding inside of the cypher parser

* Only add the base key if it's not an expansion

* Add a hook to determine if it's an updating clause

* Revert "Add a hook to determine if it's an updating clause"

This reverts commit eedb546.

* Add a hasShortCutExpansion to the context and use it any time we want to prevent usage of expansions

* Handle exiting the node correctly in all cases

* Add tests

* Remove unnecessary check in the delete handler

* BED-5289 add docs dir to prep docs team (#1066)

* BED-4194: PG Migrator Testing (#582)

* added integration tests for db switch endpoints

* testing for 3 api handlers

* added cancellation test

* updated tests, minor refactor of migrator

* update variable names

* refactor kinds check

* added integration test header

* bump ci

* added step to drop pg graph schema before migrating, added documentation

* fixed docs typo

* fixed docs formatting

* updated docs

* bump ci

* switched pg testing db to correct version

* BED-4153: slog Migration (#1068)

* BED-4153: Begin slog rewrite

* chore: convert all formatted string logs to use `fmt.Sprintf` as an intermediate for slog compatibility

* BED-4153: Improve context hook

* BED-4153: Fix IDResolver name

* chore: refactor out slog measure package

* chore: reference implementation for supporting runtime level manipulation

* BED-4153: Migrate to new LogAndMeasure

* BED-4153: Migrate to new Measure

* BED-4153: Migrate log.Info

* BED-4153: Migrate log.Error

* BED-4153: Migrate log.Warn

* BED-4153: Migrate log.Debug and log.Panic

* BED-4153: Rename log package to bhlog

* BED-4153: Update gormlogadapter test

* BED-4153: Remove all legacy log functionality

* BED-4153: Resolve issues from migration

* BED-4153: Resolve lint errors

* BED-4153: Resolve lint issues

* BED-4153: Add convenience ConfigureDefault function

* feat: wire up config for text logging

---------

Co-authored-by: Alyx Holms <[email protected]>

* fix: BED-5291 - Update go.work for go version (#1059)

Fix for
go: downloading go1.23 (linux/amd64)
go: download go1.23 for linux/amd64: toolchain not available

* BED-5294 - Move Integration Test Configurations to PG (#1071)

* chore: BED-5294 - move integration test configurations to pg

* fix: disable test

* fix: plumb context correctly in graph migrations and fixup a missing kind definition

* traversals moved to common cue (#1067)

* traversals moved to common cue

* remove contains from azure.InboundOutboundRelationshipKinds

* BED-5037 CoerceNTLMToSMB - Exploitation Information (#1065)

* BED-5037/BED-5100 CoerceNTLMToSMB added exploitation information

* BED-5304 Fix pre-saved queries with coalesce for proper type-checking

* BED-5112: use prettier to organize imports (#1026)

* feat: use prettier to organize imports

* chore: remove unused type augmentation

* chore: remove augmentation from shared-ui

* chore: format bh-shared-ui with new prettier rule

* chore: format bhce with new prettier rule

* chore: format js-client-lib with new prettier rule

* chore: resolve static analysis errors

* fix: more static analysis errors

* chore: use the same ignore comment

* chore: ignore the setupTest files

* feat: add yarn format to CI

* fix: action code paths

* chore: update action

* fix: missing change directory

* BED-5305 fix: inability to swap SSO providers directly (#1076)

---------

Co-authored-by: Michael Lipka <[email protected]>
Co-authored-by: Kaleb Pomeroy <[email protected]>
Co-authored-by: Wesley Maffly-Kipp <[email protected]>
Co-authored-by: Wesley Miller <[email protected]>
Co-authored-by: Alyx Holms <[email protected]>
Co-authored-by: Steve Embling <[email protected]>
Co-authored-by: John Hopper <[email protected]>
Co-authored-by: Brandon Shearin <[email protected]>
Co-authored-by: Ben Waples <[email protected]>
Co-authored-by: mistahj67 <[email protected]>
Co-authored-by: Reuben Lifshay <[email protected]>

* Revert "BED-5304 Fix pre-saved queries with coalesce for proper type-checking…" (#1078)

This reverts commit 151df37.

* BED-5304 Fix pre-saved queries with coalesce for proper type-checking (#1079)

* BED-5304 Fix pre-saved queries with coalesce for proper type-checking

* fix: fixup coalesce arg

---------

Co-authored-by: John Hopper <[email protected]>

* BED-5310 - Update kerberoastable queries to consistently exclude objects

* bump

---------

Co-authored-by: Alex Nemeth <[email protected]>
Co-authored-by: Reuben Lifshay <[email protected]>
Co-authored-by: mistahj67 <[email protected]>
Co-authored-by: John Hopper <[email protected]>
Co-authored-by: Wesley Miller <[email protected]>
Co-authored-by: Michael Lipka <[email protected]>
Co-authored-by: Kaleb Pomeroy <[email protected]>
Co-authored-by: Wesley Maffly-Kipp <[email protected]>
Co-authored-by: Alyx Holms <[email protected]>
Co-authored-by: Steve Embling <[email protected]>
Co-authored-by: Brandon Shearin <[email protected]>
Co-authored-by: Ben Waples <[email protected]>
13 people authored Jan 22, 2025
1 parent c86f9de commit 63ca775
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions packages/javascript/bh-shared-ui/src/commonSearches.tsx
Expand Up @@ -105,7 +105,7 @@ export const CommonSearches: CommonSearchType[] = [
queries: [
{
description: 'Kerberoastable members of Tier Zero / High Value groups',
cypher: `MATCH p=shortestPath((n:User)-[:MemberOf]->(g:Group))\nWHERE 'admin_tier_0' IN split(g.system_tags, ' ') AND n.hasspn=true\nAND n.enabled = true\nAND NOT n.objectid ENDS WITH '-502'\nRETURN p\nLIMIT 1000`,
cypher: `MATCH (u:User)\nWHERE u.hasspn=true\nAND u.enabled = true\nAND NOT u.objectid ENDS WITH '-502'\nAND NOT coalesce(u.gmsa, false) = true\nAND NOT coalesce(u.msa, false) = true\nAND coalesce(u.system_tags, '') = 'admin_tier_0'\nRETURN u\nLIMIT 100`,
},
{
description: 'All Kerberoastable users',
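Review bot: The rewritten `cypher` for 'Kerberoastable members of Tier Zero / High Value groups' no longer matches its description. The old line walked `(n:User)-[:MemberOf]->(g:Group)` and tested the tag on the group, while the new line tests `u.system_tags` on the user and returns `u` instead of the path `p`, so the result is "Kerberoastable Tier Zero users" rather than members of Tier Zero groups. Either update the description or keep the `MemberOf` match. The tag test also changed from `'admin_tier_0' IN split(g.system_tags, ' ')` to the exact comparison `coalesce(u.system_tags, '') = 'admin_tier_0'`; if `system_tags` can carry more than one space-separated tag, as the old `split` implies, a user tagged with `admin_tier_0` plus any other tag silently drops out of this search. Keep a token-wise check on the coalesced value. The drop from `LIMIT 1000` to `LIMIT 100` is also not mentioned in the commit message; if it is intentional, say so there.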
Expand All @@ -131,7 +131,7 @@ export const CommonSearches: CommonSearchType[] = [
},
{
description: 'Shortest paths to Domain Admins from Kerberoastable users',
cypher: `MATCH p=shortestPath((n:User)-[:${adTransitEdgeTypes}*1..]->(m:Group))\nWHERE n.hasspn = true AND m.objectid ENDS WITH '-512'\nRETURN p\nLIMIT 1000`,
cypher: `MATCH p=shortestPath((u:User)-[:${adTransitEdgeTypes}*1..]->(m:Group))\nWHERE u.hasspn=true\nAND u.enabled = true\nAND NOT u.objectid ENDS WITH '-502'\nAND NOT coalesce(u.gmsa, false) = true\nAND NOT coalesce(u.msa, false) = true\nAND m.objectid ENDS WITH '-512'\nRETURN p\nLIMIT 1000`,
},
{
description: 'Shortest paths to Tier Zero / High Value targets',
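Review bot: The exclusion block in the new `cypher` line (`u.enabled = true`, `NOT u.objectid ENDS WITH '-502'`, and the two `coalesce(u.gmsa, false)` / `coalesce(u.msa, false)` tests) is now a second hand-copied literal of the same conditions used in the first hunk, which is the kind of duplication that let these queries drift apart in the first place. Since this string already interpolates `${adTransitEdgeTypes}`, consider defining the Kerberoastable filter once as a shared fragment and interpolating it into every Kerberoastable search. Also, `NOT coalesce(u.gmsa, false) = true` relies on operator precedence to read correctly; `coalesce(u.gmsa, false) = false` or parentheses around the comparison would make the intent unambiguous. Finally, adding `u.enabled = true` here changes results for operators: paths that start from a disabled account with an SPN no longer appear, which is worth stating in the query description.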