NTAuthStore

This article outlines the NTAuthStore node in BloodHound, it describes the node's properties and possible incoming/outgoing edges.

Representation

The NTAuthStore node represents the Active Directory LDAP object named NTAuthCertificates (of the certificationAuthority class) located in the Public Key Services container in the Configuration Naming Context.

Node properties

The node supports the properties of the table. Three types of property names will be used, depending on where the property is found:

  • Entity Panel: Name shown in the BloodHound UI.
  • Database: Name stored in the BloodHound database and returned by the BloodHound API. This is to be used when running Cypher queries.
  • Directory: Name collected from the directory the node is stored in, for example, the LDAP name for an Active Directory property.
Entity Panel Database Directory Description
Object ID

objectid

objectGUID The object's unique identifier in the directory.
ACL Inheritance Denied

isaclprotected

nTSecurityDescriptor Whether inherited permissions (ACEs) from containers are blocked on this object.
Certificate Thumbprints certthumbprints caCertificate (X509Certificate) The thumbprint (unique identifier) of the CA certificates trusted for NT authentication.
Created whencreated whenCreated When the object was created in the directory.
Distinguished Name distinguishedname distinguishedName The name of the object and its location in AD.
Domain FQDN domain - The fully qualified domain name (FQDN) of the domain the object belongs to.
Domain SID domainsid - The SID of the domain the object belongs to.
Last Collected by BloodHound lastseen - When the object was last collected and ingested in BloodHound.
- name name + domain name Name of the object + @ + the name of the domain. 

 

Edges

The following edge types may be linked to/from this node. See the edges documentation for more information on the edge types.

Incoming edges

Edge type Entity panel category
GenericAll Inbound Object Control
GenericWrite Inbound Object Control
Owns Inbound Object Control
TrustedForNTAuth -
WriteDacl Inbound Object Control
WriteOwner Inbound Object Control

Outgoing edges

Edge type Entity panel category
NTAuthStoreFor -

References

Updated