Bloodhound for defenders - Teach your dog new tricks

This is not a talk about machine learning or AI. Bloodhound, by @_wald0, @cptjesus and @harmj0y, is a brilliant tool for identifying attack paths in Active Directory environments. Heavily used by red teams, it is at least as significant to defenders. In this talk, I show how extensible Bloodhound is for blue teams and how situational awareness can be gained with just a little bit of creativity and scripting.

Bloodhound visualizes the data that its collector (SharpHound) ingests into the database. As the underlying (neo4j) database is open to modification, additional data can be ingested to enrich the collected data or to create new relationships within Bloodhound. Defenders already have additional information about the environment at their fingertips (e.g. inventory data, patch level), so the Bloodhound data can be made more precise and additional attack paths may be uncovered. Derived KPIs are valuable input to threat intelligence programs.
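As a concrete illustration of the enrichment described above, here is an added Cypher example (not code from the talk or from the BloodHound project) that loads a constructed inventory export into a BloodHound neo4j database, adds a relationship SharpHound cannot collect, and derives a KPI from the result. It assumes the legacy neo4j-backed BloodHound schema, where `Computer` and `User` nodes carry the standard `name` property (uppercase principal names such as `WS01.CORP.LOCAL` and `JDOE@CORP.LOCAL`), that the CSV columns `hostname,owner,tier,lastpatched` (ISO dates) and the edge name `OwnsAsset` are inventions for this example, and that the file sits in neo4j's import directory.

```cypher
// Added example; not code from the talk or from the BloodHound project.
// Assumed CSV layout (constructed): hostname,owner,tier,lastpatched
// e.g. ws01.corp.local,jdoe@corp.local,0,2024-01-05
// Run each statement separately.

// 1) Enrich Computer nodes with inventory properties (asset tier, last patch date).
LOAD CSV WITH HEADERS FROM 'file:///inventory.csv' AS row
MATCH (c:Computer {name: toUpper(row.hostname)})
SET c.tier = toInteger(row.tier),
    c.lastpatched = date(row.lastpatched);

// 2) Add a relationship BloodHound cannot collect on its own: the documented
//    asset owner is treated as a principal with control over the host.
//    OwnsAsset is a hypothetical edge name chosen for this example; because
//    the KPI below follows edges of any type, it is included in path finding.
LOAD CSV WITH HEADERS FROM 'file:///inventory.csv' AS row
MATCH (c:Computer {name: toUpper(row.hostname)})
MATCH (u:User {name: toUpper(row.owner)})
MERGE (u)-[:OwnsAsset]->(c);

// 3) KPI: for every Tier-0 host not patched in the last 30 days, how many
//    users have some path to it. Trend this number over time.
MATCH (c:Computer)
WHERE c.tier = 0 AND c.lastpatched < date() - duration({days: 30})
MATCH p = shortestPath((u:User)-[*1..]->(c))
RETURN c.name AS host, c.lastpatched AS lastpatched,
       count(DISTINCT u) AS users_with_path
ORDER BY users_with_path DESC;
```

Hosts without a `lastpatched` value are silently excluded by the comparison in step 3, so a missing inventory record should itself be reported separately (for example with `WHERE c.tier = 0 AND c.lastpatched IS NULL`). Storing the date as a neo4j `date` rather than a string is what makes the 30-day comparison correct.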

About the Speaker