BloodHound: Active Directory Toolkit

BloodHound

BloodHound CE is a security tool that uses graph theory to reveal the hidden and often unintended relationships within an Active Directory or Entra ID (formerly known as Azure AD) environment. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory or Azure environment.

 

Active Directory Toolkit

BloodHound CE can analyze directory data collected by its collectors:

  • SharpHound CE, collecting from Active Directory
  • AzureHound CE, collecting from Entra ID (formerly Azure Active Directory)

BloodHound CE supports ingesting/uploading collected data in two ways:

  1. Through the BloodHound CE API endpoint '/api/v2/file-upload/' (see "Working with the BloodHound API")
  2. Through the BloodHound CE GUI
    1. Click ⚙️ → Administration
    2. From the left menu under Data Collection, select File Ingest
    3. Click the button UPLOAD FILE(S)
    4. Either drag-drop the files into the upload window, or click the upload window and select the files from your file explorer
      • NB: BloodHound CE accepts either .zip archives or JSON files, with no size limit. However, your browser's ability to package the uploaded file is a limiting factor when uploading large datasets directly through the UI.


Copyright (C) 2016-2023 Specter Ops Inc

Source: https://github.com/SpecterOps/