BloodHound and the Adversary Resilience Methodology
Almost 20 years after its initial release, Active Directory remains the dominant directory service, in use by the vast majority of businesses of all sizes around the world. AD also remains a favorite landscape for adversaries, who commonly abuse overly liberal permissions, poor credential hygiene, and other misconfigurations to gain full control of the enterprise. Enumerating these issues, measuring their impact, and remediating them has historically been extremely tedious, if not downright impossible, for defenders. As a result, most Active Directory environments remain highly vulnerable to chained attack paths that are easy for attackers to find, but very difficult for defenders to effectively and proactively remediate.
In this talk, we will demonstrate the Active Directory Adversary Resilience methodology, which allows organizations to exhaustively enumerate, visually understand, and empirically/statistically reduce the attack paths that exist in any Active Directory environment. Organizations can quickly and easily measure the percentage of users that have an attack path to any given principal in the directory, most notably including the Domain Admins group. Then, by virtually testing “remediation hypotheses” against the graph database, organizations can find the precise and practical changes they should make to reduce the overall attack surface in AD, often with the least amount of effort and money.
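The measurement and hypothesis-testing loop described above can be sketched on a small in-memory graph. This is an added example, not BloodHound's own code or queries: the principals and edges are constructed sample data, the function names are hypothetical, and limiting hypotheses to single `AdminTo` or `HasSession` edges is an assumption made to keep it short.

```python
from collections import deque

# Constructed sample graph (not real data). An edge (a, b, kind) means
# "control of a leads to control of b", following BloodHound's edge direction.
EDGES = [
    ("alice", "HELPDESK", "MemberOf"),
    ("bob", "HELPDESK", "MemberOf"),
    ("carol", "SERVER-ADMINS", "MemberOf"),
    ("dave", "STAFF", "MemberOf"),
    ("erin", "STAFF", "MemberOf"),
    ("HELPDESK", "WS01", "AdminTo"),
    ("WS01", "svc_backup", "HasSession"),
    ("svc_backup", "SERVER-ADMINS", "MemberOf"),
    ("SERVER-ADMINS", "SRV01", "AdminTo"),
    ("SRV01", "da_admin", "HasSession"),
    ("da_admin", "DOMAIN ADMINS", "MemberOf"),
]
USERS = ["alice", "bob", "carol", "dave", "erin", "svc_backup", "da_admin"]

def users_with_path(edges, users, target):
    """Users that can reach target, found by a reverse BFS from target."""
    inbound = {}
    for src, dst, _kind in edges:
        inbound.setdefault(dst, []).append(src)
    seen, queue = {target}, deque([target])
    while queue:
        for src in inbound.get(queue.popleft(), []):
            if src not in seen:
                seen.add(src)
                queue.append(src)
    return sorted(u for u in users if u in seen)

def exposure(edges, users, target):
    """Fraction of users with an attack path to target."""
    return len(users_with_path(edges, users, target)) / len(users)

def rank_hypotheses(edges, users, target, kinds=("AdminTo", "HasSession")):
    """Remove each candidate edge in turn; lowest resulting exposure first."""
    results = []
    for edge in edges:
        if edge[2] in kinds:
            remaining = [e for e in edges if e != edge]
            results.append((edge, exposure(remaining, users, target)))
    return sorted(results, key=lambda r: r[1])

if __name__ == "__main__":
    print(f"baseline: {exposure(EDGES, USERS, 'DOMAIN ADMINS'):.0%}")
    for edge, frac in rank_hypotheses(EDGES, USERS, "DOMAIN ADMINS"):
        print(f"remove {edge[0]} -[{edge[2]}]-> {edge[1]}: {frac:.0%}")
```

On this sample, the changes closest to the target cut exposure the most, while removing the help desk's admin right on one workstation leaves every user downstream of it exposed.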