- Source: GL_RunnerManager
- Destination: Computer (Active Directory, from BloodHound)
The non-traversable GL_HostedOn edge is a hybrid cross-subgraph edge connecting a GitLab runner manager process to the Active Directory Computer node of the host it runs on. It is created in the enrichment phase by matching the runner manager's ip_address property against the IP addresses of Computer nodes already stored in BloodHound.
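The matching step described above, reproduced as an added example (this is illustrative code, not the project's own enrichment logic). It assumes a runner manager exposes an `ip_address` value and that a Computer node carries a list of IP addresses under an assumed `ip_addresses` property; the sample nodes are constructed to show the cases an analyst should expect: a clean one-to-one match, an IPv4-mapped IPv6 address, a manager with no recorded IP, an IP that no Computer node owns, and one IP that is held by two Computer nodes (stale data).

```python
"""Added example: reproduce the GL_HostedOn enrichment step.

A GL_RunnerManager node is linked to every Active Directory Computer node whose
IP address list contains the manager's ip_address value. The dataclass shapes
and the `ip_addresses` property name are assumptions for this illustration.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class RunnerManager:
    name: str
    ip_address: Optional[str]  # as reported by GitLab; may be absent


@dataclass
class Computer:
    name: str
    ip_addresses: List[str] = field(default_factory=list)  # assumed property name


def normalize_ip(raw):
    """Return a canonical address string, or None if the value is unparseable."""
    try:
        addr = ipaddress.ip_address(raw.strip())
    except (ValueError, AttributeError):
        return None
    # An IPv4 host may be reported as an IPv4-mapped IPv6 address; fold it back
    # so it compares equal to the plain IPv4 form stored on the Computer node.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return str(addr)


def build_ip_index(computers):
    """Map each normalized IP to the Computer nodes that hold it.

    One IP can legitimately point at several nodes (stale DNS records, reused
    DHCP leases), so the index keeps a list instead of assuming uniqueness.
    """
    index = {}
    for comp in computers:
        for raw in comp.ip_addresses:
            ip = normalize_ip(raw)
            if ip is not None:
                index.setdefault(ip, []).append(comp)
    return index


def enrich_hosted_on(managers, computers):
    """Return (edges, unmatched).

    edges:     list of (manager_name, computer_name, 'GL_HostedOn') tuples
    unmatched: manager names with no IP or with an IP no Computer node owns
    A manager that yields more than one edge is an ambiguous match worth
    reviewing before it is trusted as part of a lateral movement chain.
    """
    index = build_ip_index(computers)
    edges, unmatched = [], []
    for mgr in managers:
        ip = normalize_ip(mgr.ip_address) if mgr.ip_address else None
        targets = index.get(ip, []) if ip else []
        if not targets:
            unmatched.append(mgr.name)
            continue
        for comp in targets:
            edges.append((mgr.name, comp.name, "GL_HostedOn"))
    return edges, unmatched


# Constructed sample data (not taken from a real environment).
SAMPLE_MANAGERS = [
    RunnerManager("linux-runner-host", "10.20.30.40"),
    RunnerManager("win-runner-host", "::ffff:10.20.30.41"),  # IPv4-mapped form
    RunnerManager("no-ip-manager", None),                     # nothing recorded
    RunnerManager("external-manager", "203.0.113.7"),         # not in AD
]
SAMPLE_COMPUTERS = [
    Computer("runner-host-01.corp.local", ["10.20.30.40", "fe80::1"]),
    Computer("runner-host-02.corp.local", ["10.20.30.41"]),
    Computer("stale-dup.corp.local", ["10.20.30.41"]),        # stale duplicate
]


def run_sample():
    """Run the enrichment over the constructed sample graph."""
    return enrich_hosted_on(SAMPLE_MANAGERS, SAMPLE_COMPUTERS)


if __name__ == "__main__":
    found, missing = run_sample()
    for src, dst, rel in found:
        print(f"{src} -[{rel}]-> {dst}")
    print("unmatched managers:", missing)
```

Reviewing the `unmatched` list is as useful as the edges themselves: a manager with no Computer node behind it is a blind spot in the graph, and a manager that matches two Computer nodes points at stale inventory data rather than two real hosts.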
While not directly traversable as a standalone edge, GL_HostedOn is a critical link in the full runner lateral movement chain.
Depending on the executor in use, an attacker who can push to a branch can execute arbitrary code on the runner host (the Computer node), enabling further lateral movement within the Active Directory environment.
```mermaid
graph LR
branch("fa:fa-code-branch GL_Branch develop")
runner("fa:fa-gears GL_Runner shared-01")
manager("fa:fa-server GL_RunnerManager linux-runner-host")
computer("fa:fa-desktop Computer runner-host-01.corp.local")
branch -.->|GL_BuildsOn| runner
runner -.->|GL_ManagedBy| manager
manager -.->|GL_HostedOn| computer
```