mirror of
https://github.com/empayre/fleet.git
synced 2024-11-06 17:05:18 +00:00
1f87644a23
* Initial cut of Win tables schema * Add context * Formatting fixes * Add bitlocker_info * Remove temp stuff * Remove temp stuff redux * Apply suggestions from code review Co-authored-by: Guillaume Ross <guillaume@binaryfactory.ca> * Update bitlocker_info.yml * Edited for clarity Co-authored-by: Guillaume Ross <guillaume@binaryfactory.ca>
12 lines
599 B
YAML
12 lines
599 B
YAML
name: shared_resources
|
|
examples: >-
|
|
Network shares with loose access controls are common places that leak sensitive information. This query looks for shared drives on Windows systems that likely contain sensitive data, by listing all shared folders that have the word `backup` in their name. This does not include `ADMIN$` type shares.
|
|
|
|
```
|
|
|
|
SELECT description,name,path FROM shared_resources WHERE type = 0 and name like '%backup%';
|
|
|
|
```
|
|
|
|
notes: >-
|
|
* `type_name` is a human readable value of the type column. These values can include: "Disk Drive Admin", "IPC Admin", "Disk Drive" |