Conversation

@joost-j joost-j commented Oct 31, 2025

Adding a parser for the New Technology Directory Services Directory Information Tree (NTDS.dit) file, present on Windows Domain Controllers. This type of ESE database holds information related to an Active Directory environment.

Although multiple people have contributed to this tool within Fox-IT over the years, special acknowledgement goes to colleagues @Schamper and Aman Asarfi, whose work and research were invaluable. Performing in-depth investigation of the file format mainly comes from their end, and this pull request mainly puts all the code and knowledge gathered over the years into a proper Dissect-compatible format.

Several features include:

  • Interacting with the NTDS database using Python functions (e.g. calling ntds.users())
  • Interacting with the NTDS via LDAP queries (e.g. being able to call ntds.query("(objectClass=user)"))
  • Optimizations and caching to speed up the database lookups
  • Testing most of the functionality above

Still work in progress:

  • Create a wrapper tool around the NTDS class that outputs data in Bloodhound-supported format. Within Fox this goes by the name foxhound. This tool can be added later on as well in a separate pull request.
  • Add more objects and useful functions. E.g. a Domain object, and more functionality related to checking whether objects are related to each other. For example, a function where you could call Object.has_priv_over(obj2, GENERIC_ALL).
  • Increase test coverage
  • Adjusting NTDS.dit Plugin dissect.target#1347 or this code to be compatible
  • Further code readability & style improvements

Related to fox-it/dissect.target#1348
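The LDAP query path the description mentions (ntds.query("(objectClass=user)")) needs a filter parser that turns an RFC 4515 string into a predicate and runs it over parsed directory objects. The following is an added example of that step, not code from dissect or from this pull request; it assumes, hypothetically, that each parsed NTDS object is a dict mapping attribute names to lists of string values (the real object model may differ), and the SAMPLE_OBJECTS records are constructed for the demonstration.

```python
"""Evaluate RFC 4515 LDAP search filters over parsed directory objects.

Added example; not dissect's code. Assumes (hypothetically) that an NTDS
object is a dict of attribute name -> list of string values.
"""
from __future__ import annotations

import re
from typing import Callable

Predicate = Callable[[dict], bool]

# Constructed sample records shaped like a handful of AD objects.
SAMPLE_OBJECTS = [
    {"name": ["Administrator"], "objectClass": ["top", "person", "user"],
     "sAMAccountName": ["Administrator"],
     "memberOf": ["CN=Domain Admins,CN=Users,DC=example,DC=local"]},
    {"name": ["svc_backup"], "objectClass": ["top", "person", "user"],
     "sAMAccountName": ["svc_backup"],
     "servicePrincipalName": ["backup/srv01.example.local"]},
    {"name": ["SRV01"], "objectClass": ["top", "computer"], "sAMAccountName": ["SRV01$"]},
    {"name": ["Domain Admins"], "objectClass": ["top", "group"], "sAMAccountName": ["Domain Admins"]},
]


def _unescape(value: str) -> str:
    """Decode RFC 4515 hex escapes such as \\2a (a literal '*') or \\29 (')')."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def _attr_values(obj: dict, attr: str) -> list[str]:
    """Case-insensitive attribute lookup; LDAP attribute names ignore case."""
    for key, values in obj.items():
        if key.lower() == attr.lower():
            return [str(v) for v in values]
    return []


def _simple(item: str) -> Predicate:
    """Compile one filter item: presence, substring, equality, >= or <=."""
    m = re.match(r"^([A-Za-z][\w;.-]*)(>=|<=|=)(.*)$", item, re.S)
    if not m:
        raise ValueError(f"malformed filter item: {item!r}")
    attr, op, raw = m.groups()
    if op == "=" and raw == "*":                      # (attr=*) presence test
        return lambda o: bool(_attr_values(o, attr))
    if op == "=" and "*" in raw:                      # (attr=foo*bar) substring
        # Unescaped '*' are wildcards; the text between them is literal.
        parts = [re.escape(_unescape(p)) for p in raw.split("*")]
        rx = re.compile("^" + ".*".join(parts) + "$", re.I | re.S)
        return lambda o: any(rx.match(v) for v in _attr_values(o, attr))
    value = _unescape(raw)
    if op == "=":                                     # case-insensitive equality
        return lambda o: any(v.lower() == value.lower() for v in _attr_values(o, attr))
    # Ordering compares as strings here; a real server orders by attribute syntax.
    if op == ">=":
        return lambda o: any(v >= value for v in _attr_values(o, attr))
    return lambda o: any(v <= value for v in _attr_values(o, attr))


def _parse(s: str, pos: int) -> tuple[Predicate, int]:
    """Recursive-descent parse of one parenthesised filter starting at pos."""
    if pos >= len(s) or s[pos] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    if pos >= len(s):
        raise ValueError("unterminated filter")
    if s[pos] in "&|":                                # (&(..)(..)) and (|(..)(..))
        combine = all if s[pos] == "&" else any
        pos += 1
        children: list[Predicate] = []
        while pos < len(s) and s[pos] == "(":
            child, pos = _parse(s, pos)
            children.append(child)
        pred: Predicate = lambda o, c=children, f=combine: f(ch(o) for ch in c)
    elif s[pos] == "!":                               # (!(..))
        child, pos = _parse(s, pos + 1)
        pred = lambda o, c=child: not c(o)
    else:                                             # (attr=value)
        end = s.find(")", pos)
        if end < 0:
            raise ValueError("missing ')' after filter item")
        pred = _simple(s[pos:end])
        pos = end
    if pos >= len(s) or s[pos] != ")":
        raise ValueError(f"expected ')' at offset {pos}")
    return pred, pos + 1


def parse_filter(text: str) -> Predicate:
    """Compile a complete filter string into a predicate over one object."""
    text = text.strip()
    pred, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError(f"trailing data after filter: {text[pos:]!r}")
    return pred


def query(objects: list[dict], filter_text: str) -> list[dict]:
    """Return the objects matching filter_text, as an ntds.query()-style call might."""
    pred = parse_filter(filter_text)
    return [o for o in objects if pred(o)]


def query_names(objects: list[dict], filter_text: str) -> list[str]:
    """Sorted 'name' values of the matching objects."""
    return sorted(o["name"][0] for o in query(objects, filter_text))


if __name__ == "__main__":
    for f in ["(objectClass=user)", "(&(objectClass=user)(servicePrincipalName=*))"]:
        print(f, "->", query_names(SAMPLE_OBJECTS, f))
```

Compiling the filter once into a predicate and then iterating the objects is what lets the same filter string be reused across a large database; the caching and lookup optimisations the description lists would sit underneath _attr_values rather than in the parser. Extensible-match (":=") items and approximate ("~=") matches are deliberately rejected as malformed here.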

codecov bot commented Oct 31, 2025

Codecov Report

❌ Patch coverage is 88.57590% with 73 lines in your changes missing coverage. Please review.
✅ Project coverage is 82.51%. Comparing base (7b76faf) to head (106c986).
⚠️ Report is 1 commit behind head on main.

Files with missing lines              Patch %   Lines
dissect/database/ese/ntds/secd.py     82.87%    37 Missing ⚠️
dissect/database/ese/ntds/ntds.py     93.22%    21 Missing ⚠️
dissect/database/ese/ntds/objects.py  84.21%     9 Missing ⚠️
dissect/database/ese/ntds/utils.py    88.67%     6 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main       #8      +/-   ##
==========================================
+ Coverage   80.00%   82.51%   +2.50%     
==========================================
  Files          29       34       +5     
  Lines        2221     2860     +639     
==========================================
+ Hits         1777     2360     +583     
- Misses        444      500      +56     
Flag       Coverage Δ
unittests  82.51% <88.57%> (+2.50%) ⬆️


@Schamper Schamper self-requested a review October 31, 2025 15:51