More LAPS

modules/integrations/activedirectory/analyze/analyze-ad.go

@@ -146,6 +146,7 @@ func init() {
 				ui.Error().Msgf("Could not locate machine for domain SID %v", machinesid)
 				return true
 			}
+			machine.Tag("laps")
 
 			for index, acl := range sd.DACL.Entries {
 				if sd.DACL.IsObjectClassAccessAllowed(index, o, engine.RIGHT_DS_CONTROL_ACCESS, lapsGUID, ao) {
@@ -212,6 +213,7 @@ func init() {
 				ui.Error().Msgf("Could not locate machine for domain SID %v", machinesid)
 				return true
 			}
+			machine.Tag("laps")
 
 			for index, acl := range sd.DACL.Entries {
 				if sd.DACL.IsObjectClassAccessAllowed(index, o, engine.RIGHT_DS_CONTROL_ACCESS, lapsV2PasswordGUID, ao) {
@@ -220,7 +222,6 @@ func init() {
 				if sd.DACL.IsObjectClassAccessAllowed(index, o, engine.RIGHT_DS_CONTROL_ACCESS, lapsV2EncryptedPasswordGUID, ao) {
 					ao.FindOrAddAdjacentSID(acl.SID, o).EdgeTo(machine, activedirectory.EdgeReadLAPSPassword) // FIXME
 				}
-
 				if sd.DACL.IsObjectClassAccessAllowed(index, o, engine.RIGHT_DS_CONTROL_ACCESS, msLAPSEncryptedPasswordAttributesGUID, ao) {
 					ao.FindOrAddAdjacentSID(acl.SID, o).EdgeTo(machine, activedirectory.EdgeReadLAPSPassword) // FIXME
 				}

modules/integrations/activedirectory/rawobject.go

@@ -98,7 +98,7 @@ func EncodeAttributeData(attribute engine.Attribute, values []string) engine.Att
 			// https://www.sysadmins.lv/blog-en/how-to-convert-ms-pki-roaming-timestamp-attribute.aspx
 			t := util.FiletimeToTime(binary.LittleEndian.Uint64([]byte(value[8:])))
 			attributevalue = engine.AttributeValueTime(t)
-		case AccountExpires, CreationTime, PwdLastSet, LastLogon, LastLogonTimestamp, MSmcsAdmPwdExpirationTime, BadPasswordTime:
+		case AccountExpires, CreationTime, PwdLastSet, LastLogon, LastLogonTimestamp, MSmcsAdmPwdExpirationTime, MSLAPSPasswordExpirationTime, BadPasswordTime:
 			if intval, err := strconv.ParseInt(value, 10, 64); err == nil {
 				if intval == 0 {
 					attributevalue = engine.AttributeValueInt(intval)