We’re incredibly excited to re-start SO-CON, our annual security conference and training summit!
🗓️ March 11 - 15, 2024, at Convene in Arlington, VA
🏔️ Full day, multi-track summit with presentations on a variety of security topics
🎓 Four days of training classes, including our first-ever Azure Security Fundamentals course!
Training students will receive free entry to the summit, and classes are available for a 25% early registration discount, with summit registration coming soon! Find out more and sign up at https://specterops.io/so-con/!
Export JSON from Explore - The Explore page now supports the ability to export the currently displayed data in JSON format! With this change, we’ve collapsed the options on the bottom of the graph pane to consolidate use of space.
Property quality of life improvements - We’ve extended the built-in schema to provide friendly names for additional object properties and include additional attributes in the Cypher autocomplete capability.
Other improvements:
Improved the accuracy of the “Groups with foreign domain group membership” saved query.
[BHE Only] Environment Posture endpoint now supports tenant filtering.
LDAPS support - SharpHound Enterprise will now attempt to utilize LDAPS by default on port 636/TCP before falling back to signed and sealed LDAP. Customers may enforce LDAPS through the “ForceLDAPSSL” option in settings.json. See SharpHound Enterprise Local Configuration for more.
Caching enhancements - SharpHound has improved caching performance and will automatically invalidate local cache data on newer versions and every 30 days to ensure improved data accuracy while maintaining collection improvements offered by the cache.
Collection speed improvements - Optimized LDAP queries will enable significant collection performance improvements. These improvements will be most notable during local group and session enumeration in large environments.
Modern LAPS support - Added support for modern LAPS for the haslaps property on computer objects.
Port scan timeout configuration - Added support for configuring the port scan timeout utilized for privileged collection on domain-joined systems (defaults to 500ms).
Concurrent thread configuration - Added support for configuring the number of concurrent consumer threads active in SharpHound (defaults to 50). Consumer threads process data from the main LDAP queries to perform data enrichment or connect to domain-joined systems for performing privileged collections.