Red Teaming Experiments
linkedingithub@spotheplanetpatreon
Search…
What is ired.team?
Pinned
Pentesting Cheatsheets
Active Directory & Kerberos Abuse
offensive security
Red Team Infrastructure
Initial Access
Code Execution
Code & Process Injection
Defense Evasion
Enumeration and Discovery
Privilege Escalation
Credential Access & Dumping
Lateral Movement
Persistence
Exfiltration
reversing, forensics & misc
Internals
Cloud
Neo4j
Dump Virtual Box Memory
AES Encryption Using Crypto++ .lib in Visual Studio C++
Reversing Password Checking Routine
Powered By GitBook
Neo4j
This is a living document that captures notes related to anything and all neo4j and cypher queries.

List Databases

show databases

Create New Database

create database spotless

Switch Database

:use spotless

Import Data from CSV and Define Relationships Between Nodes

Sample Data

Below is a sample CSV file with 3 columns, that represents Windows authentication information between different endpoints (think lateral movement detection/investigation/threat hunting):
Column
Meaning
SourceComputer
A computer that successfully authenticated to a DestinationComputer
DestinationComputer
A computer that SourceComputer authenticated to
DestinationUserName
A user name that was used to logon from SourceComputer to DestinationComputer
lateral-movement.csv
"SourceComputer","DestinationComputer","DestinationUserName"
"WS01","WS02","administrator"
"WS01","WS03","administrator"
"WS02","WS03","administrator"
"WS03","WS04","administrator"
"WS04","WS05","administrator"
"WS05","WS06","administrator"
"WS06","WS07","administrator"
"WS07","DB01","administrator"
"DB01","FS05","administrator"
"FS05","DC01","da-james"
"WS01","WS04","billy"
"WS02","WS04","sally"
"WS03","WS02","fred"
"WS03","WS02","james"
"WS01","WS02","james"
The file needs to be saved to the import folder of your database folder. In my case, the path is C:\Users\User\AppData\Local\Neo4j\Relate\Data\dbmss\dbms-8320b8a8-e54d-4742-a432-c8014b5968ec\import\lateral-movement.csv

Importing Nodes from CSV and Creating Relationships

LOAD CSV WITH HEADERS FROM 'file:///lateral-movement.csv' AS line
MERGE (a:Computer {Computer:line.SourceComputer} )
MERGE (b:Computer {Computer:line.DestinationComputer} )
MERGE (a) -[:LOGGED_IN {loggedAs:line.DestinationUserName}]-> (b)

Clean Database

match (a) -[r] -> () delete a, r; match (a) delete a

Match Nodes WHERE DestinationComputer Contains "WS"

MATCH p=()-[r:LOGGED_IN]->(m:Computer) where m.Computer CONTAINS "WS" RETURN p LIMIT 25

Match Nodes WHERE Relationship Contains "james"

MATCH p=()-[r:LOGGED_IN]->() where (r.loggedAs contains "james") RETURN p LIMIT 25

Match Nodes with 3 Hops Between Them

MATCH p=()-[r:LOGGED_IN*3]->() RETURN p LIMIT 25
Previous
AWS Accounts, Users, Groups, Roles, Policies
Next - reversing, forensics & misc
Dump Virtual Box Memory
Last modified 1yr ago
Copy link
Outline
List Databases
Create New Database
Switch Database
Import Data from CSV and Define Relationships Between Nodes
Sample Data
Importing Nodes from CSV and Creating Relationships
Clean Database
Match Nodes WHERE DestinationComputer Contains "WS"
Match Nodes WHERE Relationship Contains "james"
Match Nodes with 3 Hops Between Them