Bloodhound 2.0

Presented at null Dubai Meet 31 August 2018 Monthly Meet

Pralhad Chaskar

August 31, 2018

Transcript

  1. Bloodhound 2.0 Walkthrough. By: Pralhad Chaskar (@c0d3xpl0it)

  2. None
  3. What is Bloodhound
     • Active Directory privileges, rights and trust relationships mapping tool
     • Makes finding attack paths super easy
     • Uses a Neo4j Graph Database
     • Data collection using C# binary called SharpHound
     • Bloodhound UI is built with Linkurious, compiled into an Electron app
     • Free and open source software
  4. Sharphound Collection Methods

  5. Running from Domain Joined machine

  6. More Sessions for more paths

  7. New features in 2.0
     • CanRDP, ExecuteDCOM, ReadLAPSPassword, AllowedToDelegate
     • JSON Output (instead of CSV)
     • Edge Filtering
     • Graph Editing from the UI
     • Owned Value Properties
     • High Value Properties
     • Edge Abuse Help
     • Dark Mode
  8. None
  9. Is it a Pentester's Tool or a Blue Team Tool?

  10. Detecting Bloodhound / Hardening Infra
     • Net Cease - Hardening Net Session Enumeration
     • SAMRi10 - Hardening SAM Remote Access in Windows 10/Server 2016
     • Using Netflow or other tools
     • Using DejaVU
     • …or detect the system that makes tons of LDAP queries to the DC
  11. Slack channel for queries/new features/etc

  12. References
     • https://blog.cptjesus.com/posts/bloodhound20
     • Bloodhound: He Attac, but he also Protec (https://www.youtube.com/watch?v=hHfxZug1HHo)
     • https://github.com/BloodHoundAD/BloodHound
     • https://github.com/SadProcessor/Cheats/blob/master/DogWhispererV2.md
     • https://github.com/PowerShellMafia/PowerSploit/tree/master/Recon
  13. None
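
Slide 10's last point, detecting the system that makes tons of LDAP queries to the DC, shown as an added example that is not part of the talk: a per-client sliding-window count over normalised LDAP request records. The record format, IP addresses, threshold, allowlist and function names are all constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

LDAP_PORTS = {389, 636, 3268, 3269}  # LDAP, LDAPS, Global Catalog, GC over TLS

def parse_line(line):
    """Parse 'ISO-timestamp src=IP dst=IP dport=N' (constructed format)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["src"], kv["dst"], int(kv["dport"])

def noisy_ldap_clients(lines, dcs, threshold, window=timedelta(seconds=60), allow=()):
    """Map each client that sent more than `threshold` LDAP requests to a DC
    inside any `window` to its peak count. Lines must be in time order."""
    recent, peak = defaultdict(deque), {}
    for line in filter(str.strip, lines):
        ts, src, dst, dport = parse_line(line)
        if dst not in dcs or dport not in LDAP_PORTS or src in allow:
            continue  # not DC-bound LDAP, or a known heavy but legitimate client
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop requests that fell out of the window
            q.popleft()
        if len(q) > threshold:
            peak[src] = max(peak.get(src, 0), len(q))
    return peak

def sample_log():
    """Constructed records: a bursty workstation, an ordinary client and a
    directory-sync server that is expected to be chatty."""
    t0, dc = datetime(2018, 8, 31, 10, 0, 0), "10.0.0.5"
    rows = [(t0 + timedelta(milliseconds=100 * i), "10.0.0.23", dc, 389) for i in range(200)]
    rows += [(t0 + timedelta(minutes=i), "10.0.0.40", dc, 389) for i in range(5)]
    rows += [(t0 + timedelta(milliseconds=50 * i), "10.0.0.9", dc, 636) for i in range(300)]
    rows.append((t0, "10.0.0.23", "10.0.0.77", 389))  # LDAP to a non-DC host: ignored
    rows.sort()
    return [f"{ts.isoformat()} src={s} dst={d} dport={p}" for ts, s, d, p in rows]

if __name__ == "__main__":
    hits = noisy_ldap_clients(sample_log(), dcs={"10.0.0.5"}, threshold=100, allow={"10.0.0.9"})
    for src, count in sorted(hits.items()):
        print(f"{src}: {count} LDAP requests to a DC within 60 s")
```

The threshold and allowlist only mean something against a baseline of normal per-client request rates for the environment being monitored.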