@mez-0
Created February 26, 2024 10:32
User Data Structure Example
{
"metadata": {
"uuid": "2500c5af-92f1-4011-b550-b17a474c1cdc",
"date": "Sat 06 Jan 16:53:58 2024",
"expiry_date": "Mon 05 Feb 16:53:58 2024",
"object_type": "user",
"engagement_number": 9478,
"engagement_type": "AAS",
"origins": [
"sidekick-sample"
],
"relevance": {
"score": 0,
"title": "INFO",
"purpose_count": {},
"all_values": [],
"reasons": []
},
"tags": []
},
"full_name": "Jeffrey Blackwell",
"department": "HR",
"email": {
"email": "jeffrey.blackwell@evilcorp.org",
"verified": true
},
"username": {
"username": "jb4263",
"verified": false
},
"credentials": {
"metadata": {
"uuid": "7d39a139-7823-4f5d-91e6-e58e693c8684",
"date": "Sat 06 Jan 16:53:58 2024",
"expiry_date": "Mon 05 Feb 16:53:58 2024",
"object_type": "credentials",
"engagement_number": 9478,
"engagement_type": "AAS",
"origins": [
"example"
],
"relevance": {
"score": 0,
"title": "INFO",
"purpose_count": {},
"all_values": [],
"reasons": []
},
"tags": []
},
"clear_passwords": [],
"hashed_passwords": []
},
"breaches": [
"InflateVids",
"Onliner Spambot"
],
"address": "1631 Rios Well",
"azure": {
"enabled": true,
"usertype": "Member",
"objectid": "9517c73e-cea6-49da-ad20-8b8594965fd5",
"userprincipalname": "jb4263@evilcorp.org",
"city": "South Angelachester",
"country": "Tajikistan",
"postalcode": "88454",
"state": "Maryland",
"streetaddress": "1631 Rios Well",
"department": "HR",
"displayname": "Jeffrey Blackwell",
"dirsyncenabled": false,
"jobtitle": "Human Resources",
"lastdirsynctime": "Tue 02 Jan 21:04:50 2024",
"lastpasswordchangedatetime": "",
"mail": "jeffrey.blackwell@evilcorp.org",
"phones": [
{
"number": "396.337.9066",
"verified": true,
"carrier": "Republic Wireless",
"phone_type": "voip"
},
{
"number": "5059275340",
"verified": true,
"carrier": "US Cellular",
"phone_type": "voip"
}
],
"passwordpolicies": "",
"onpremisesdistinguishedname": "CN=jb4263,OU=Users,DC=evilcorp,DC=org",
"onpremisesobjectidentifier": "fb52f0ce-2b36-4071-954c-c3ccc2dd6d05",
"onpremisespasswordchangetimestamp": 1704359072,
"onpremisessamaccountname": "jb4263",
"onpremisessecurityidentifier": "S-1-4200135526-3034743923-3739"
},
"phones": [
{
"number": "396.337.9066",
"verified": true,
"carrier": "Republic Wireless",
"phone_type": "voip"
},
{
"number": "5059275340",
"verified": true,
"carrier": "US Cellular",
"phone_type": "voip"
}
],
"title": "Human Resources",
"local_groups": [
"VPN Read Only",
"VPN Admins",
"Sales",
"Pre-Windows 2000 Compatible Access",
"Terminal Server License Servers",
"Domain Admins"
],
"active_directory": {
"sid": "S-1-6284222724-2920019262-4435",
"primary_group_sid": "S-1-4781543275-4378227075-3926",
"spn_targets": [],
"is_deleted": true,
"is_acl_protected": false,
"distinguished_name": "CN=jb4263,OU=Users,DC=evilcorp,DC=org",
"domain": "evilcorp.org",
"unconstrained_delegation": true,
"allowed_to_delegate": [],
"trusted_to_auth": true,
"password_not_reqd": false,
"enabled": true,
"last_logon": "Wed 03 Jan 02:49:04 2024",
"last_logon_timestamp": 1704272553,
"pwd_last_set": "Mon 01 Jan 22:30:41 2024",
"dont_req_preauth": false,
"pwd_never_expires": false,
"sensitive": true,
"service_principal_names": [
"rpc/MSSQL.4903.evilcorp.org",
"smtp/MSSQL.8831.evilcorp.org",
"nfs/DNS.7923.evilcorp.org"
],
"has_spn": true,
"display_name": "Tammy Davidson",
"home_directory": "/fire/natural.js",
"description": "Read thousand green look citizen hotel.",
"user_password": "",
"admin_count": false,
"sid_history": [],
"when_created": "Sat 06 Jan 04:05:31 2024",
"unix_password": "",
"unicode_password": "",
"logon_script": "/federal/use.wav",
"sfu_password": "",
"groups": []
},
"profiles": {
"linkedin": [
"https://www.linkedin.com/in/jeffreyblackwell"
],
"github": [
"https://github.com/jeffreyblackwell"
],
"gitlab": [],
"twitter": [],
"websites": []
},
"application_usage": [
{
"start_time": "Thu 04 Jan 05:49:28 2024",
"name": "Microsoft Outlook",
"display": "Microsoft Outlook",
"description": "Microsoft Outlook"
}
],
"activity_sessions": [
{
"start": "Mon 01 Jan 01:43:59 2024",
"end": "Mon 01 Jan 02:23:22 2024",
"length": 2363
},
{
"start": "Mon 01 Jan 12:57:33 2024",
"end": "Mon 01 Jan 13:10:45 2024",
"length": 792
},
{
"start": "Thu 04 Jan 18:27:13 2024",
"end": "Thu 04 Jan 18:56:37 2024",
"length": 1764
},
{
"start": "Tue 02 Jan 12:02:56 2024",
"end": "Tue 02 Jan 12:05:20 2024",
"length": 144
},
{
"start": "Fri 05 Jan 06:11:15 2024",
"end": "Fri 05 Jan 06:29:29 2024",
"length": 1094
}
]
}