Bloodhound 2.0

Presented at null Dubai Meet 31 August 2018 Monthly Meet

Pralhad Chaskar

August 31, 2018

Transcript

  1. What is Bloodhound
     • Active Directory privileges, rights and trust relationships mapping tool
     • Makes finding attack paths super easy
     • Uses a Neo4j Graph Database
     • Data collection using C# binary called SharpHound
     • Bloodhound UI is built with Linkurious, compiled into an Electron app
     • Free and open source software
  2. New features in 2.0
     • CanRDP, ExecuteDCOM, ReadLAPSPassword, AllowedToDelegate
     • JSON Output (instead of CSV)
     • Edge Filtering
     • Graph Editing from the UI
     • Owned Value Properties
     • High Value Properties
     • Edge Abuse Help
     • Dark Mode
  3. Detecting Bloodhound / Hardening Infra
     • Net Cease - Hardening Net Session Enumeration
     • SAMRi10 - Hardening SAM Remote Access in Windows 10/Server 2016
     • Using Netflow or other tools
     • Using DejaVU
     • …or detect the system which makes tons of LDAP queries to DC
  4. References
     • https://blog.cptjesus.com/posts/bloodhound20
     • Bloodhound: He Attac, but he also Protec (https://www.youtube.com/watch?v=hHfxZug1HHo)
     • https://github.com/BloodHoundAD/BloodHound
     • https://github.com/SadProcessor/Cheats/blob/master/DogWhispererV2.md
     • https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon
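
The last detection bullets on slide 3 (Netflow or other tools, and spotting the system that makes tons of LDAP queries to a DC) expressed as a sliding-window check over flow records. This is an added example, not code from the deck or the BloodHound project; the record format, addresses, LDAP port set, window and thresholds are assumptions to tune per environment, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

DOMAIN_CONTROLLERS = {"10.0.0.10"}      # assumed DC address
LDAP_PORTS = {389, 636, 3268, 3269}     # LDAP, LDAPS, Global Catalog (plain/TLS)

def parse_flow(line):
    """Parse one record (assumed format): ISO time, source, destination, dest port, bytes."""
    ts, src, dst, port, nbytes = line.split(",")
    return datetime.fromisoformat(ts), src, dst, int(port), int(nbytes)

def ldap_heavy_sources(lines, window=timedelta(seconds=60),
                       max_flows=20, max_bytes=5_000_000, allowlist=()):
    """Return {source: (peak_flows, peak_bytes)} for hosts whose LDAP traffic
    to a DC exceeds either limit inside any sliding window."""
    recent = defaultdict(deque)          # source -> (time, bytes) still inside the window
    flagged = {}
    for ts, src, dst, port, nbytes in sorted(map(parse_flow, lines)):
        if dst not in DOMAIN_CONTROLLERS or port not in LDAP_PORTS or src in allowlist:
            continue
        q = recent[src]
        q.append((ts, nbytes))
        while ts - q[0][0] > window:     # drop records that aged out of the window
            q.popleft()
        flows, volume = len(q), sum(b for _, b in q)
        if flows > max_flows or volume > max_bytes:
            old = flagged.get(src, (0, 0))
            flagged[src] = (max(old[0], flows), max(old[1], volume))
    return flagged

def sample_flows():
    """Constructed records, not real traffic."""
    t0 = datetime(2018, 8, 31, 9, 0, 0)
    at = lambda s: (t0 + timedelta(seconds=s)).isoformat()
    rows = [f"{at(300 * i)},10.0.1.50,10.0.0.10,389,4000" for i in range(3)]   # ordinary client
    rows += [f"{at(i)},10.0.1.77,10.0.0.10,389,200000" for i in range(40)]     # burst of LDAP flows
    rows += [f"{at(10)},10.0.1.88,10.0.0.10,636,9000000"]                      # single bulk pull
    rows += [f"{at(2 * i)},10.0.0.20,10.0.0.10,636,1000" for i in range(30)]   # known sync host
    rows += [f"{at(i)},10.0.1.60,10.0.0.10,445,500" for i in range(50)]        # SMB, out of scope
    return rows

if __name__ == "__main__":
    hits = ldap_heavy_sources(sample_flows(), allowlist={"10.0.0.20"})
    for host, (flows, volume) in hits.items():
        print(f"{host}: peak {flows} LDAP flows, {volume} bytes within 60s")
```

The byte limit matters because a collector can pull a large result set over one long-lived LDAP connection, which a flow count alone would miss.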