Domain Enumeration With BloodHound

BloodHound is a fantastic application to visualize the relationships the objects in the domain have with each other. I will not go into any detail here. You can go to the BloodHound GitHub page to learn more.

I should note that this may be something you might want to avoid using if you are in a Red Team engagement as creating the data will produce a lot of noise.

I use the SharpHound.ps1 ingestor script which can be found here.

You can replace 'Invoke-Bloodhound' with SharpHound.exe if you are using that instead.

Collecting Data

Note: You may have to use '-CollectionMethod LoggedOn' because it sometimes misses sessions.
If you wish to avoid Advanced Threat Analytics (ATA) detection, use '-ExcludeDC'

Invoke-BloodHound -CollectionMethod All [-ExcludeDC]

Using BloodHound.py from linux

bloodhound-python -u <user> -p <pass> -d <domain> -ns <ip> -c All

PreviousUser Hunting NextCredential Dumping

Last updated 2 years ago