Random Infosec Stuff

BloodHound/Infosec Content

BloodHound 2.1: The Fix Broken Stuff Update

Sometimes, you have to step back and look at your code you wrote a while ago. Usually, it’s not pretty. Sometimes, it’s just flat out wrong. This is one of those times. The 2.1 release of BloodHound has a large focus on bug fixes, and a couple new features including a new attack primitive. This post is going to cover changes we’ve made since the release of BloodHound 2.0, including some of the incremental changes in between....

March 12, 2019 · 8 min · 1670 words · Rohan Vazarkar

BloodHound 2.0

The BloodHound team has been relatively quiet for a while now. It’s been 5 months since the release of the Containers update, and outside of some bugfixes, nothing much has changed. All that is about to change. We’re proud to announce the release of BloodHound 2.0, representing the second major release of the project with tons of new features, bugfixes, and new abuse primitives. Major New Features Four New Edges BloodHound 2....

August 7, 2018 · 16 min · 3225 words · Rohan Vazarkar

BloodHound 1.5: The Container Update

When BloodHound 1.4 came out in October of 2017, the object properties added represented the first major change in the BloodHound database schema since the original creation of the project. Today, we’re proud to present BloodHound 1.5, which represents a much larger change in both the database schema, as well as many long standing features of the BloodHound user interface. Containers - GPOs and OUs One of the things the BloodHound team has been talking about for quite a while now is adding GPO and OU objects to the BloodHound schema....

March 28, 2018 · 11 min · 2234 words · Rohan Vazarkar

SharpHound: Target Selection and API Usage

One of the most common questions we get from BloodHound users is related to how collection is done, as well as what targets are selected for different collection methods. In this post, we’re going to detail what each collection method does, particularly which API calls are used for each different step, as well as the detailed target selection logic. What does each collection method do? The SharpHound collector has several discrete steps which run simultaneously to collect different data necessary for the graph....

March 5, 2018 · 8 min · 1682 words · Rohan Vazarkar

SharpHound: Technical Details

In the previous blog post, we focused on SharpHound from an operational perspective, discussing some of the new features, as well as improved features from the original ingestor. In this post, we’ll talk more about the technical and underlying changes made to the ingestor that optimize the way data is collected. Pure LDAP In the previous versions of the BloodHound ingestor, and the majority of the tools released, communication with Active Directory is done using the DirectorySearcher class in the System....

October 23, 2017 · 14 min · 2970 words · Rohan Vazarkar