
AZUREHOUND CYPHER CHEATSHEET



  • List of Cypher queries to help analyze AzureHound data. Queries under ‘GUI’ are intended for the BloodHound GUI (Settings > Query Debug Mode). Queries under ‘Console’ are intended for the Neo4j console (usually located at http://localhost:7474). Download the ‘Custom Queries’ JSON file here: https://github.com/hausec/Bloodhound-Custom-Queries

    GUI

    Return All Azure Users that are part of the ‘Global Administrator’ Role

    MATCH p =(n)-[r:AZGlobalAdmin*1..]->(m) RETURN p

    Return All On-Prem users with edges to Azure

    MATCH p=(m:User)-[r:AZResetPassword|AZOwns|AZUserAccessAdministrator|AZContributor|AZAddMembers|AZGlobalAdmin|AZVMContributor|AZAvereContributor]->(n) WHERE m.objectid CONTAINS 'S-1-5-21' RETURN p

    Find all paths to an Azure VM

    MATCH p = (n)-[r]->(g:AZVM) RETURN p

    Find all paths to an Azure KeyVault

    MATCH p = (n)-[r]->(g:AZKeyVault) RETURN p

    Return All Azure Users and their Groups

    MATCH p=(m:AZUser)-[r:MemberOf]->(n) WHERE NOT m.objectid CONTAINS 'S-1-5' RETURN p

    Return All Azure AD Groups that are synchronized with On-Premise AD

    MATCH (n:Group) WHERE n.objectid CONTAINS 'S-1-5' AND n.azsyncid IS NOT NULL RETURN n

    Find all Privileged Service Principals

    MATCH p = (g:AZServicePrincipal)-[r]->(n) RETURN p

    Find all Owners of Azure Applications

    MATCH p = (n)-[r:AZOwns]->(g:AZApp) RETURN p

    Console

    Return All Azure Users

    MATCH (n:AZUser) return n.name

    Return All Azure Applications

    MATCH (n:AZApp) return n.objectid

    Return All Azure Devices

    MATCH (n:AZDevice) return n.name

    Return All Azure Groups

    MATCH (n:AZGroup) return n.name

    Return all Azure Key Vaults

    MATCH (n:AZKeyVault) return n.name

    Return all Azure Resource Groups

    MATCH (n:AZResourceGroup) return n.name

    Return all Azure Service Principals

    MATCH (n:AZServicePrincipal) return n.objectid

    Return all Azure Virtual Machines

    MATCH (n:AZVM) return n.name

    Find All Principals with the ‘Contributor’ role

    MATCH p = (n)-[r:AZContributor]->(g) RETURN p
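
    The GUI queries return paths to draw, while the Neo4j console is better suited to rows that can be exported for an access review. As an added example (not part of the original cheatsheet), this is a console form of the ‘On-Prem users with edges to Azure’ query that aggregates one row per synced user; the column aliases are made up for illustration, and the edge types are the ones from that query.

```cypher
// Added example: tabular (console) form of the on-prem-to-Azure query.
// One row per on-prem user (SID-style objectid) that holds an Azure edge.
MATCH (m:User)-[r:AZResetPassword|AZOwns|AZUserAccessAdministrator|AZContributor|AZAddMembers|AZGlobalAdmin|AZVMContributor|AZAvereContributor]->(n)
WHERE m.objectid CONTAINS 'S-1-5-21'
// Reduce each edge to its type and a readable target identifier.
// Some Azure nodes are listed by objectid rather than name, so fall back to it.
WITH m,
     type(r) AS edge_type,
     coalesce(n.name, n.objectid) AS target
// Group by user: distinct edge types held, distinct targets, raw edge count.
WITH m.name AS on_prem_user,
     m.objectid AS sid,
     collect(DISTINCT edge_type) AS azure_edges,
     collect(DISTINCT target) AS azure_targets,
     count(*) AS edge_count
RETURN on_prem_user, sid, azure_edges, azure_targets, edge_count
// Users with the most Azure edges first, so the review starts with them.
ORDER BY edge_count DESC, on_prem_user
```

    Each row is a candidate for review: a synced on-prem account whose compromise would carry over to the listed Azure objects.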