public async Task <HashSet <Microsoft.Graph.DirectoryObject> > DeviceOwners() { try { var directoryRoles = await _microsoftGraphApiHelper.GetDirectoryRoles(); var devices = await _microsoftGraphApiHelper.GetDevices(); HashSet <Microsoft.Graph.DirectoryObject> ownersList = new HashSet <Microsoft.Graph.DirectoryObject>(); await devices. Where(_ => _.DisplayName != null). ForEachAsync(async _ => { _deviceObjectIdToDeviceId.Add(_.DeviceId, _.Id); var ownerList = (await _microsoftGraphApiHelper.GetRegisteredOwners(_.Id)) .Where(__ => __ != null).ToList(); BloodHoundHelper.DeviceOwners(_, ownerList); if (Startup.IsCosmosDbGraphEnabled) { CosmosDbGraphHelper.DeviceOwners(_, ownerList, directoryRoles); } ownersList.UnionWith(ownerList); }); return(ownersList); } catch (Exception ex) { _logger.Error(ex, $"{nameof(DeviceOwners)} {ex.Message} {ex.InnerException}"); return(null); } }
public async Task <HashSet <string> > Groups() { try { var groupsCollectionPage = await _microsoftGraphApiHelper.GetGroups(); var groups = new HashSet <string>(); await groupsCollectionPage.ForEachAsync(async _ => { var groupMembersList = await _microsoftGraphApiHelper.GetGroupMembers(_.Id); var groupMembers = BloodHoundHelper.BuildGroupMembersList(groupMembersList); BloodHoundHelper.GroupMembership(_, groupMembers); if (Startup.IsCosmosDbGraphEnabled) { CosmosDbGraphHelper.GroupMembership(_, groupMembers); } groups.Add(_.DisplayName); }); return(groups); } catch (Exception ex) { _logger.Error(ex, $"{nameof(Groups)} {ex.Message} {ex.InnerException}"); return(null); } }
public async Task <HashSet <string> > Users() { try { var users = await _microsoftGraphApiHelper.GetUsers(); var usersDisplayNames = new HashSet <string>(); users .Where(_ => _.DisplayName != null) .ForEach(_ => { BloodHoundHelper.Users(_); if (Startup.IsCosmosDbGraphEnabled) { CosmosDbGraphHelper.Users(_); } usersDisplayNames.Add(_.DisplayName); }); return(usersDisplayNames); } catch (Exception ex) { _logger.Error(ex, $"{nameof(Users)} {ex.Message} {ex.InnerException}"); return(null); } }
public async Task <HashSet <string> > DirectoryRoles() { try { var directoryRoles = await GraphServiceHelper.GetDirectoryRolesAsync(_graphClient, _httpContext); var userIds = await GraphServiceHelper.GetUsersAsync(_graphClient, _httpContext); var administrators = new HashSet <string>(); var directoryRolesNames = new HashSet <string>(); await directoryRoles.ForEachAsync(async _ => { var roleMembers = await GraphServiceHelper.GetDirectoryRoleMembers(_graphClient, _httpContext, _.Id); var members = Extensions.DirectoryRoleMembersResultsToList(roleMembers); BloodHoundHelper.DirectoryRoleMembership(_, members); if (Startup.IsCosmosDbGraphEnabled) { CosmosDbGraphHelper.DirectoryRoleMembership(_, members); GetDeviceAdministratorsIds(_.DisplayName, members, administrators); CosmosDbGraphHelper.DirectoryRolePermissions(_, userIds, administrators); } directoryRolesNames.Add(_.DisplayName); }); return(directoryRolesNames); } catch (Exception ex) { _logger.Error(ex, $"{nameof(DirectoryRoles)} {ex.Message} {ex.InnerException}"); return(null); } }
public async Task <int> Applications() { try { var applications = await GraphServiceHelper.GetApplications(_graphClient); applications.ForEach(async _ => { try { var owners = await GraphServiceHelper.GetApplicationsOwner(_graphClient, _.Id); CosmosDbGraphHelper.AppOwnership(_, owners); } catch (Exception e) { Console.WriteLine(e); } } ); return(applications.Count); } catch (Exception e) { Console.WriteLine(e); throw; } return(0); }
public async Task AppSignIns() { try { var appsPermissions = await _microsoftGraphApiHelper.GetAppsPermission(); var servicePrincipals = await _microsoftGraphApiHelper.GetServicePrincipals(); var appIdToNameDictionary = new Dictionary <string, string>(); servicePrincipals.ForEach(_ => appIdToNameDictionary.Add( _["id"].Value <string>(), _["appDisplayName"].Value <string>()) ); var appIdToPermissionsSetDictionary = new Dictionary <string, HashSet <string> >(); appsPermissions.ForEach(_ => { var permissionsSet = _["scope"].Value <string>().Split(' ').ToHashSet(); var appId = _["clientId"].Value <string>(); var principalId = _["principalId"].Value <string>(); appIdToNameDictionary.TryGetValue(appId, out var appDisplayName); appIdToPermissionsSetDictionary.CreateOrUpdate( appDisplayName ?? appId, () => permissionsSet, __ => __.Union(permissionsSet).ToHashSet() ); //BloodHoundHelper.Applications(appDisplayName ?? appId, permissionsSet, principalId); if (Startup.IsCosmosDbGraphEnabled) { CosmosDbGraphHelper.Applications(appDisplayName, appId, permissionsSet, principalId); } }); /* * Creating connections based on permissions * foreach (var (appId, appDisplayName) in appIdToNameDictionary) * { * var vertex = new GremlinVertex(appId, nameof(Application)); * vertex.AddProperty(CosmosDbHelper.CollectionPartitionKey, appId.GetHashCode()); * vertex.AddProperty(nameof(appDisplayName), appDisplayName?.ToUpper() ?? string.Empty); * gremlinVertices.Add(vertex); * } * * var mailBoxes = new GremlinVertex("MailBoxes", "MailBoxes"); * mailBoxes.AddProperty(CosmosDbHelper.CollectionPartitionKey, "MailBoxes".GetHashCode()); * gremlinVertices.Add(mailBoxes);*/ } catch (Exception ex) { _logger.Error(ex, $"{nameof(AppSignIns)} {ex.Message} {ex.InnerException}"); } }
public async Task <List <InteractiveLogon> > InteractiveLogOns() { try { var signIns = await _microsoftGraphApiHelper.GetSignIns(); var interactiveLogOns = new List <InteractiveLogon>(); signIns .Where(_ => _.ClientAppUsed?.Equals("Mobile Apps and Desktop clients", StringComparison.OrdinalIgnoreCase) == true) .Where(_ => _.ResourceDisplayName?.Equals("Windows Azure Active Directory", StringComparison.OrdinalIgnoreCase) == true) .Where(_ => _.CreatedDateTime.HasValue && _.CreatedDateTime.Value.UtcDateTime.IsNotOlderThan(2.Days())) .ForEach(_ => { interactiveLogOns.Add( new InteractiveLogon( _.DeviceDetail, _.Location, _.UserId, _.CreatedDateTime.GetValueOrDefault().UtcDateTime, _.UserDisplayName)); }); interactiveLogOns.DistinctBy(_ => new { _.UserId, _.DeviceId }); interactiveLogOns. Where(_ => _.UserId != null && _.UserDisplayName != null && _.DeviceDisplayName != null). ForEach(_ => { BloodHoundHelper.InteractiveLogOns(_); if (Startup.IsCosmosDbGraphEnabled) { CosmosDbGraphHelper.InteractiveLogOns(_, _deviceObjectIdToDeviceId); } }); return(interactiveLogOns); } catch (Exception ex) { _logger.Error(ex, $"{nameof(InteractiveLogOns)} {ex.Message} {ex.InnerException}"); return(null); } }
public static async Task <List <string> > GetUsersAsync(GraphServiceClient graphClient, HttpContext httpContext) { IUserDeltaCollectionPage userPage = new UserDeltaCollectionPage(); userPage.InitializeNextPageRequest( graphClient, graphClient. Users. Delta(). Request(). Select("Id,displayName,userPrincipalName,mail"). RequestUrl); var pageRequestCount = 0; var userIds = new List <string>(); do { userPage = await userPage.NextPageRequest.GetAsync(CancellationToken.None); userPage .Where(_ => _.DisplayName != null) .ForEach(_ => { if (Startup.IsCosmosDbGraphEnabled) { CosmosDbGraphHelper.Users(_); userIds.Add(_.Id); } }); pageRequestCount++; }while (userPage.NextPageRequest != null && pageRequestCount < _maxPageRequestsPerTenant); return(userIds); }
public async Task <int> ServicePrincipals() { try { var appsPermissions = await GraphServiceHelper.GetAppsPermission(_graphClient, _httpContext); var principalsPermissions = await GraphServiceHelper.GetDirectoryAudits(_graphClient, _httpContext); var servicePrincipals = await GraphServiceHelper.GetServicePrincipals(_graphClient, _httpContext); var principalIdToPermissions = new Dictionary <string, HashSet <string> >(); principalsPermissions.ForEach(_ => { principalIdToPermissions.TryAdd( _.TargetResources.First().Id, ToHashSetExtension.ToHashSet(_.TargetResources.First().ModifiedProperties.First(__ => __.DisplayName == "ConsentAction.Permissions").NewValue.Split("Scope:").Last(). Split("]").First().Split(" ").Where(__ => __ != "")) ); }); var appIdToPermissionsSetDictionary = new Dictionary <string, HashSet <string> >(); appsPermissions.ForEach(_ => { var permissionsSet = ToHashSetExtension.ToHashSet(Newtonsoft.Json.Linq.Extensions.Value <string>(_["scope"]) .Split(' ')); var appId = Newtonsoft.Json.Linq.Extensions.Value <string>(_["clientId"]); appIdToPermissionsSetDictionary.TryAdd(appId, permissionsSet); }); var appIdToNameDictionary = new Dictionary <string, Tuple <string, string, string, string> >(); servicePrincipals.ForEach(_ => appIdToNameDictionary.Add( Newtonsoft.Json.Linq.Extensions.Value <string>(_["id"]), new Tuple <string, string, string, string>( Newtonsoft.Json.Linq.Extensions.Value <string>(_["appId"]), Newtonsoft.Json.Linq.Extensions.Value <string>(_["displayName"]), Newtonsoft.Json.Linq.Extensions.Value <string>(_["homepage"]), Newtonsoft.Json.Linq.Extensions.Value <string>(_["appOwnerOrganizationId"]) ))); appIdToNameDictionary.ForEach(_ => { appIdToPermissionsSetDictionary.TryGetValue(_.Key, out var appPermissions); principalIdToPermissions.TryGetValue(_.Key, out var principalPermissions); if (Startup.IsCosmosDbGraphEnabled && (principalPermissions != null || appPermissions != null)) { if (principalPermissions != null) { CosmosDbGraphHelper.Applications(_.Value.Item2, _.Value.Item1, principalPermissions, UserIds, _.Key, _.Value.Item3, _.Value.Item4); } else { CosmosDbGraphHelper.Applications(_.Value.Item2, _.Key, appPermissions, UserIds, _.Value.Item1, _.Value.Item3, _.Value.Item4); } } }); return(appIdToNameDictionary.Count); } catch (Exception ex) { _logger.Error(ex, $"{nameof(ServicePrincipals)} {ex.Message} {ex.InnerException}"); } return(0); }