How We Use BloodHound and How it Can Help Defenders

BloodHound, available at bloodhound.readthedocs.io, maps Windows Active Directory permissions to a graph database that lets users trace attack paths using a GUI and a query system. To make that more concrete, BloodHound can answer questions such as:

  • Who is allowed to RDP to Computer132?
  • Which computers does JohnSmith have admin access to?
  • What are all the users with effective Domain Administrator access?
  • How can an attacker escalate privileges on the network?

 Throughout this post, I will share specific recommendations for what to look for in BloodHound to find quick wins when securing a network…

Read Full Blog

Shares

Written by:

Leave a comment