Skip to content

Instantly share code, notes, and snippets.

@luis261
Created February 2, 2023 06:29
Show Gist options
  • Save luis261/852b3aa5717c52c936cc92d225b3fcc7 to your computer and use it in GitHub Desktop.
Save luis261/852b3aa5717c52c936cc92d225b3fcc7 to your computer and use it in GitHub Desktop.
# examples and descriptions taken from: https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4768
# put the options you want described in here
option_inquiries = [
"0x40810010",
"0x40810000",
"0x60810010"
]
descriptions = [
None,
"Forwardable",
"Forwarded",
"Proxiable",
"Proxy",
"Allow-postdate",
"Postdated",
"Invalid",
"Renewable",
"Initial",
"Pre-authent",
"Opt-hardware-auth",
"Transited-policy-checked",
"Ok-as-delegate",
"Request-anonymous",
"Name-canonicalize",
None,
None,
None,
None,
None,
None,
None,
None,
None,
None,
"Disable-transited-check",
"Renewable-ok",
"Enc-tkt-in-skey",
"Unused",
"Renew",
"Validate"
]
def describe_ticket_options(hex_opts: str) -> str:
description = ""
opt_flags = bin(int(hex_opts, 16) + pow(2, 31))[2:]
for i, flag in enumerate(opt_flags):
if flag == "1" and descriptions[i] is not None:
description += " " + descriptions[i]
return description
def main():
for opts in option_inquiries:
print(opts + ": " + describe_ticket_options(opts))
if __name__ == "__main__":
main()
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment