From e8bfa28c430bce6f94a3dd8c91ec70e6731865be Mon Sep 17 00:00:00 2001
From: Martin
Date: Tue, 17 Jun 2025 15:06:56 +0200
Subject: [PATCH 1/4] rename file to match yml name
---
 queries/{All Operator groups.yml => All Operators.yml} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename queries/{All Operator groups.yml => All Operators.yml} (100%)
diff --git a/queries/All Operator groups.yml b/queries/All Operators.yml
similarity index 100%
rename from queries/All Operator groups.yml
rename to queries/All Operators.yml
From f7cbbf81e289a926d4f7a9c6ea37a1287717a3f4 Mon Sep 17 00:00:00 2001
From: Martin
Date: Tue, 17 Jun 2025 15:07:08 +0200
Subject: [PATCH 2/4] yml name typo
---
 .../Tier Zero computers not requiring inbound SMB signing.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/queries/Tier Zero computers not requiring inbound SMB signing.yml b/queries/Tier Zero computers not requiring inbound SMB signing.yml
index 49357d0..f5041ad 100644
--- a/queries/Tier Zero computers not requiring inbound SMB signing.yml
+++ b/queries/Tier Zero computers not requiring inbound SMB signing.yml
@@ -1,4 +1,4 @@
-name: Tier Zero omputers not requiring inbound SMB signing
+name: Tier Zero computers not requiring inbound SMB signing
 guid: 13485477-f026-4b1f-906d-4f2e37364ba4
 prebuilt: false
 platforms: Active Directory
From 10f78e6dd39fd76c9cf01a570d9936354c4b8607 Mon Sep 17 00:00:00 2001
From: Martin
Date: Tue, 17 Jun 2025 15:07:27 +0200
Subject: [PATCH 3/4] rename yml name to match filename
---
 queries/Uncommon permission on containers.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/queries/Uncommon permission on containers.yml b/queries/Uncommon permission on containers.yml
index 8898dde..01069e2 100644
--- a/queries/Uncommon permission on containers.yml
+++ b/queries/Uncommon permission on containers.yml
@@ -1,4 +1,4 @@
-name: Circular AD group memberships
+name: Uncommon permission on containers
 guid: 018c2b45-e30f-47d8-a751-22419c3d0736
 prebuilt: false
 platforms: Active Directory
From 655b970031257bd32911387a978b063413e35cfa Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Tue, 17 Jun 2025 13:08:48 +0000
Subject: [PATCH 4/4] Update combined queries
---
 Queries.json | 36 ++++++++++++++++++------------------
 1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/Queries.json b/Queries.json
index 4caa5c3..67df1ae 100644
--- a/Queries.json
+++ b/Queries.json
@@ -1158,7 +1158,7 @@ ] }, { - "name": "Tier Zero omputers not requiring inbound SMB signing", + "name": "Tier Zero computers not requiring inbound SMB signing", "guid": "13485477-f026-4b1f-906d-4f2e37364ba4", "prebuilt": false, "platforms": [ @@ -1539,22 +1539,6 @@ "Martin Sohn Christensen, @martinsohndk" ] }, - { - "name": "All Operators", - "guid": "3dfd0843-1ff9-4c21-aa67-feae08d109de", - "prebuilt": false, - "platforms": [ - "Active Directory" - ], - "category": "Domain Information", - "description": null, - "query": "MATCH p=(:Base)-[:MemberOf]->(n:Group)\nWHERE (\n n.objectid ENDS WITH 'S-1-5-32-551' OR // Backup Operators\n n.objectid ENDS WITH 'S-1-5-32-556' OR // Network Configuration Operators\n n.objectid ENDS WITH 'S-1-5-32-549' OR // Server Operators\n n.objectid ENDS WITH 'S-1-5-32-579' OR // Access Control Assistance Operators\n n.objectid ENDS WITH 'S-1-5-32-548' OR // Account Operators\n n.objectid ENDS WITH 'S-1-5-32-569' OR // Cryptographic Operators\n n.objectid ENDS WITH 'S-1-5-32-550' // Print Operators\n)\nRETURN p", - "revision": 1, - "resources": [], - "acknowledgements": [ - "Martin Sohn Christensen, @martinsohndk" - ] - }, { "name": "Shortest paths from Azure Applications to Tier Zero / High Value targets", "guid": "60ff7c58-a98e-4bc1-9e32-8378d2db0c43",
@@ -1749,7 +1733,7 @@ ] }, { - "name": "Circular AD group memberships", + "name": "Uncommon permission on containers", "guid": "018c2b45-e30f-47d8-a751-22419c3d0736", "prebuilt": false, "platforms": [ @@ -1796,6 +1780,22 @@ "resources": [], "acknowledgements": [] }, + { + "name": "All Operators", + "guid": "3dfd0843-1ff9-4c21-aa67-feae08d109de", + "prebuilt": false, + "platforms": [ + "Active Directory" + ], + "category": "Domain Information", + "description": null, + "query": "MATCH p=(:Base)-[:MemberOf]->(n:Group)\nWHERE (\n n.objectid ENDS WITH 'S-1-5-32-551' OR // Backup Operators\n n.objectid ENDS WITH 'S-1-5-32-556' OR // Network Configuration Operators\n n.objectid ENDS WITH 'S-1-5-32-549' OR // Server Operators\n n.objectid ENDS WITH 'S-1-5-32-579' OR // Access Control Assistance Operators\n n.objectid ENDS WITH 'S-1-5-32-548' OR // Account Operators\n n.objectid ENDS WITH 'S-1-5-32-569' OR // Cryptographic Operators\n n.objectid ENDS WITH 'S-1-5-32-550' // Print Operators\n)\nRETURN p", + "revision": 1, + "resources": [], + "acknowledgements": [ + "Martin Sohn Christensen, @martinsohndk" + ] + }, { "name": "Shortest paths from Owned objects to Tier Zero", "guid": "dfaa8e8f-2c79-4e92-a291-b1347f6e83b0",