BloodHound

Intro

BloodHound provides a GUI for AD entities and relationships, built from the data collected by its ingestors. It uses graph theory to map the shortest path to interesting targets such as Domain Admins.

There are built-in queries for frequently used actions. It also supports custom Cypher queries.

BloodHound is good for pentesters and blue teams but bad for red teamers since it is noisy.

neo4j

Install neo4j:

.\neo4j.bat install-service

Start neo4j:

.\neo4j.bat start

Go to localhost:7474 in a browser and change the default credentials neo4j:neo4j to neo4j:password. You can now log in to BloodHound.

SharpHound

Import SharpHound:

. .\SharpHound.ps1

Collect all data:

Invoke-BloodHound -CollectionMethod All -Verbose

The generated archive can be uploaded to the BloodHound application.

To avoid detection by tools like Microsoft Advanced Threat Analytics (ATA):

Invoke-BloodHound -CollectionMethod All -ExcludeDC

Running SharpHound blindly on a victim machine is bad OPSEC.
