Bloodhound3 - Tool Release
BloodHound has been used for several years now, and has evolved far beyond its original state. What started as a simple graph with just basic permissions has grown to encompass several new attacks including access control lists and services.
The original data collection was done using a PowerShell script, which was eventually replaced by the custom C# project, SharpHound. The original SharpHound project was designed to greatly speed up data collection, but was limited to the original attacks collected by BloodHound. As more attacks have been added, collection was patched into SharpHound, but over time became harder and harder to maintain. Targetting .NET 3.5 forced compromises that are less necessary with the widespread adoption of Windows 10 in enterprises. BloodHound 3.0 represents a complete rewrite of the SharpHound data collector from the ground up, targetting .NET 4.5, with a big focus on data accuracy, including a change in the BloodHound database schema. During this talk we’ll cover some of the updates made to the tool, some of the major improvements made to data collection, as well as some of the interesting intricacies in active directory.