A tool that is often overlooked and has become more and more popular recently when attacking windows networks is bloodhound. It can be leveraged to gain access to different paths to compromise and Pwnage on a network, making it a very powerful tool for assessing routes to compromise!

1. Sniffing Routes to Pwnage
An Introduction to Bloodhound

2. Hi Folks, I’m Andy.
• Learning The Trades of Three teams;
• Red –Offensive Security
• Purple – The Mediator on the Fence
• Blue - Defensive Security
• PenTester By Trade @ PTP/ Former GCU Student
• I hack things and try to solve problems

3. Also the Face of G3C

4. Big Fan of Conference
Talks

5. Talk Plan
• Quick Primer on Active Directory
• What Is Bloodhound?
• How Does It Work?
• What Are The Different Features?
• Who Can It Help?
Kudos TO SpecterOps for
the Epic Art:

6. Active Directory in a Nutshell
• Forests
• Domains
• Users
• Groups
• Organisational Units
• Relationships
• Trusts

7. Bloodhound Explained
• Used for Enumeration
• Mapping Networks
• Useful for many different people, red ,blue, rainbow
• Tool created by @_wald0, @CptJesus,
and @harmj0y.

8. How It Works
Broken Down into two parts
• Data Collection
• Visualisation

9. Walkthrough of Features
• Ingestors
• GUI
• Cypher

10. Who Can It Help?
Purple Team
Red TeamBlue Team

11. Where is It Applicable?
• Offensive Security Applications
• Map out attack surface of network and discover paths for compromise
• Run once, query forever – Offline handy reference
• Defensive Security Applications

12. Cool Things To Try
• Generating Graphs on the Fly to Play
With[LIVE DEMO]
• Exploring Cypher

13. Attackers Think In Graphs – Defenders Think in Lists
Blue Team
Detecting Bloodhound as a
Blue Teamer!!!

14. • References
• BloodHound:
https://github.com/BloodHoundAD/BloodHound
Blog Post:
https://blog.zsec.uk/bloodhound-101/
• Creators of BloodHound:
• https://twitter.com/_wald0
• https://twitter.com/CptJesus
• https://twitter.com/harmj0y

15. • Q&A{s}?
• https://blog.zsec.uk
• https://twitter.com/ZephrFish