BloodHound

Map Active Directory attack paths. Find the shortest route to Domain Admin. Visualize ACL abuse opportunities and privilege escalation chains.

Intermediate | Phase 2: Active Directory | Interactive Graph Visualization

Graph-driven Active Directory attack path analysis. Use it to see your environment the way attackers do—and then dismantle those paths.

BloodHound uses graph theory to reveal hidden attack paths in Active Directory. Red teams use it to find the shortest path to Domain Admin; blue teams use it to eliminate those paths before attackers do.

Key Ideas

  • Ingests AD data via SharpHound collector
  • Stores relationships in Neo4j graph database
  • Models users, groups, computers, GPOs, ACLs, sessions
  • Highlights abusable rights (GenericAll, WriteDacl, ForceChangePassword)

Blue Team Superpower

  • See AD the way an attacker does (graph of privilege)
  • Prioritize toxic combinations instead of individual misconfigs
  • Continuously validate that hardening efforts remove attack paths

Pre-Built Attack Queries

  • Find all Domain Admins
  • Shortest path to Domain Admin
  • Find AS-REP Roastable users
  • Find Kerberoastable users
  • Find computers with unconstrained delegation

Attack Chain Exploitation

  1. Initial Access: jsmith account compromised (phishing)
  2. Lateral Movement: Use IT Support group membership to RDP to WKS01
  3. Credential Theft: Dump mjones credentials from WKS01 memory (Mimikatz)
  4. Privilege Escalation: mjones is Domain Admin
  5. Domain Compromise: PSExec to DC01 as Domain Admin
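
The chain above modeled as a graph, in an added Python example that is not part of the original lab or of BloodHound itself. It finds the shortest path to Domain Admins and then lists the single relationships whose removal cuts every path, which is the validation step described under Blue Team Superpower. The edge list, the second user asmith, and the function names are constructed for illustration.

```python
from collections import deque

# Constructed edge list mirroring the five-step chain above. Relationship names
# follow BloodHound's edge types; direction means "source can reach target".
EDGES = [
    ("jsmith", "MemberOf", "IT Support"),
    ("IT Support", "CanRDP", "WKS01"),
    ("WKS01", "HasSession", "mjones"),       # privileged session on a workstation
    ("mjones", "MemberOf", "Domain Admins"),
    ("Domain Admins", "AdminTo", "DC01"),
    ("asmith", "MemberOf", "IT Support"),    # second constructed user, same group
]

def shortest_path(edges, start, target):
    """Breadth-first search; returns the edges on a shortest path, or None."""
    adj = {}
    for src, rel, dst in edges:
        adj.setdefault(src, []).append((rel, dst))
    queue, seen = deque([(start, [])]), {start}
    while queue:
        node, path = queue.popleft()
        if node == target:
            return path
        for rel, dst in adj.get(node, []):
            if dst not in seen:
                seen.add(dst)
                queue.append((dst, path + [(node, rel, dst)]))
    return None

def choke_points(edges, starts, target):
    """Edges whose removal alone leaves no start node with a path to target."""
    def exposed(es):
        return [s for s in starts if shortest_path(es, s, target)]
    if not exposed(edges):
        return []
    return [e for e in edges if not exposed([x for x in edges if x != e])]

if __name__ == "__main__":
    for hop in shortest_path(EDGES, "jsmith", "Domain Admins"):
        print("path:", hop)
    for edge in choke_points(EDGES, ["jsmith", "asmith"], "Domain Admins"):
        print("remove to cut all paths:", edge)
```

Removing only jsmith's group membership is not a choke point here because asmith keeps the same path; removing the mjones session on WKS01 cuts it for both users.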

OPSEC: Authorized Assessments Only

BloodHound is a powerful AD enumeration tool used by both red teams and attackers. Use it only in authorized penetration tests. To defend against it, implement tiered administration, limit privileged sessions, and monitor for LDAP enumeration anomalies.

Copyright © 2025 JMFG. All rights reserved.