- In total, $RiskLevelCountCritical critical, $RiskLevelCountHigh high, $RiskLevelCountMedium medium, and $RiskLevelCountLow low risk ACE (Access Control Entry) configurations were discovered across $ExcessiveSharesCount shares, hosted by $ComputerWithExcessive computers in the $TargetDomain Active Directory domain. The affected shares were found hosting $InterestingFilesAllObjectsSecretCount files that may contain passwords and $InterestingFilesAllObjectsSensitiveCount files that may contain sensitive data. Overall, $InterestingFilesAllFilesCount interesting files were found that could potentially lead to unauthorized data access or remote code execution.
+ In total, $RiskLevelCountCritical critical, $RiskLevelCountHigh high, $RiskLevelCountMedium medium, and $RiskLevelCountLow low risk ACE (Access Control Entry) configurations were discovered across $ExcessiveSharesCount shares, hosted by $ComputerWithExcessive computers in the $TargetDomain Active Directory domain. The affected shares were found hosting $InterestingFilesAllObjectsSecretCount files that may contain passwords and $InterestingFilesAllObjectsSensitiveCount files that may contain sensitive data. $SecretsRecoveredCount credentials were recovered from $SecretsRecoveredFileCount of the discovered $InterestingFilesAllObjectsSecretCount secrets files. Overall, $InterestingFilesAllFilesCount interesting files were found accessible to all domain users that could potentially lead to unauthorized data access or remote code execution.
@@ -6170,43 +6172,50 @@ $CardLastModifiedTimeLine
$ComputerCount computers were found in the $TargetDomain Active Directory domain, $ComputerPingableCount responded to ping requests, $Computers445OpenCount had port 445 open, and $ComputerWithExcessive were found hosting shares configured with excessive privileges. Below is a list of the computers hosting shares configured with excessive privileges.
-
+
-
-
- Live Computers Found
-
-
-
- $PeerComparisonComputerCount
-
-
-
- ($ComputerWithExcessive host shares with excessive privileges)
-
-
+
+
+
+
+ Live Computers Found
+
+
+
+ $PeerComparisonComputerCount
+
+
+
+ ($ComputerWithExcessive host shares with excessive privileges)
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
+
Clear
+
+
+
+ Identities Found
+
+
+
+ $IdentityCombinedListCount
+
+
+
+
-
-
- Identities Assigned Ownership
-
-
-
- $IdentityOwnerListCount
-
-
-
-
-
-
- Identities Assigned Privileges
-
-
-
- $IdentityReferenceListCount
-
-
-
-
-
+
+
+
+
+ Identities Assigned Ownership
+
+
+
+ $IdentityOwnerListCount
+
+
+
+
+
+
+
+
+
+ Identities Assigned Privileges
+
+
+
+ $IdentityReferenceListCount
+
+
+
+
+
+
+
+
Note: Within the context of this report, all read and write access the "Everyone", "Authenticated Users", "BUILTIN\Users", "Domain Users", or "Domain Computers" groups are considered excessive privileges, because all provide domain users access to the affected shares due to privilege inheritance.
@@ -6363,40 +6384,45 @@ Note: Within the context of this report, all read and write access the "Everyone
Below is a list of the ACE (access control entries) configured with excessive privileges found in the $TargetDomain Active Directory domain.
-
-
- Inescure ACEs Found
-
-
-
- $ExcessiveSharePrivsCount
-
-
+
+
+
+
+
+ Insecure ACEs Found
+
+
+
+ $ExcessiveSharePrivsCount
+
+
+
+
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
Clear
+
+
+
+ Shares Found
+
+
+
+ $ExcessiveSharesCount
+
+
+
+ ($ShareNameChartCount unique names)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
-
+
Quick Filters
@@ -7059,34 +7088,35 @@ This section lists the most common share owners.
Folder groups are SMB shares that contain the exact same file listing. Each folder group has been hashed so they can be quickly correlated. In some cases, shares with the exact same file listing may be related to a single application or process. This information can help identify the root cause associated with the excessive privileges and expedite remediation.