feat: add stall-recovery cold-start fallback for automated op recovery#330
Open
l50 wants to merge 2 commits into
…enarios

**Added:**
- Introduced cold-start stall recovery branch that triggers user enumeration against known domain controllers when no users or credentials have been discovered but DCs are known, falling back to AS-REP roast via seclists and kerbrute if the technique is allowed
- Added `stall_cold_start_dedup_key` function to build deduplication keys for cold-start recovery attempts, with tests verifying key construction and lowercasing
- Implemented `select_stall_cold_start_work` to choose DCs for cold-start enumeration, respecting deduplication and domain domination, with comprehensive unit tests for edge cases
- Registered `DEDUP_STALL_COLD_START` in deduplication set constants and relevant deduplication tracking infrastructure

**Changed:**
- Modified stall detection logic to dispatch and log cold-start recovery actions, tracking the number of dispatched actions and improving logging granularity for fallback actions
- Updated tests and deduplication set assertions to include new cold-start deduplication set
…ection

**Changed:**
- Reformatted the call to `build_asrep_payload` to use a single-line style, improving code readability and consistency in `auto_stall_detection` function
Codecov Report ❌ Patch coverage is

Additional details and impacted files

```
@@            Coverage Diff             @@
##             main     #330      +/-   ##
==========================================
- Coverage   78.85%   78.84%   -0.01%
==========================================
  Files         438      438
  Lines      125614   125718     +104
==========================================
+ Hits        99050    99123      +73
- Misses      26564    26595      +31
```
Key Changes:
- users or credentials have been discovered but DCs are known

Added:
- domain and recovery attempt, ensuring idempotent dispatch of fallback tasks
- `select_stall_cold_start_work` function to select eligible cold-start work items when the op is stalled with known DCs but no users/creds
- `auto_stall_detection` to submit AS-REP roast-based user enumeration when previous strategies yield no results, gated by the `asrep_roast` strategy allowlist
- deduplication across attempts

Changed:
- tasks dispatched per recovery attempt, improving observability
- modules to include the new `stall_cold_start` dedup set