A curated list of awesome Bloodhound resources
This list collects links for learning and using the awesome Active Directory recon tool Bloodhound. It will for the most part consist of tools available on Github, videos demonstrating the tools, blog posts and wikis. The list is somewhat categorized by type. You can contribute by sending pull requests, creating issues with suggestions or writing to me on Twitter @chryzsh. I have made a markdown template for adding new links here -> Contributing.
Join the BloodHound Slack: http://bloodhoundgang.herokuapp.com/
- Getting Started
- Features and updates
- Tools
- Methodology and reporting
- Cypher
- Videos
- Ebooks
- Social
- Tips & tricks
- Contributing
↑ Getting Started
- BloodHoundAD/BloodHound - The Bloodhound repository
- Bloodhound Wiki - The Bloodhound repository wiki
- Neo4j - Neo4j, Bloodhound's graph database
↑ Features and updates
- Introducing BloodHound - Introducing BloodHound by wald0
- BloodHound 1.3 – The ACL Attack Path Update - Description of the 1.3 feature update by wald0
- SharpHound: Evolution of the BloodHound Ingestor - Description of the rewritten Sharphound ingestor.
- BloodHound 1.4: The Object Properties Update - Description of the 1.4 update by CptJesus
- SharpHound: Technical Details - Technical details of the Sharphound ingestor
- SharpHound: Target Selection and API Usage - Description of how collection is done
- BloodHound 1.5: The Container Update - Description of the 1.5 update by CptJesus
- BloodHound 2.0 - Description of the 2.0 update by CptJesus
- BloodHound 2.1: The Fix Broken Stuff Update - Description of the 2.1 update by CptJesus
↑ Tools
- BloodHoundAD/BloodHound-Tools - Miscellaneous tools for BloodHound
- BloodHoundAD/SharpHound - The BloodHound C# Ingestor
- fox-it/BloodHound.py - A Python based ingestor for BloodHound
- peterhgombos/bloodhounddemo - Docker container containing a quick demo database for Bloodhound using the official neo4j image.
- seajaysec/cypheroth - Automated, extensible toolset that runs cypher queries against Bloodhound's Neo4j backend and saves output to csv.
- adProcessor/WatchDog - WatchDog is a BloodHound Data scanner [NodeWeight]
- GoFetchAD/GoFetch - GoFetch is a tool to automatically exercise an attack plan generated by the BloodHound application.
- fox-it/aclpwn.py - Active Directory ACL exploitation with BloodHound.
- fox-it/bloodhound-import - Python based BloodHound data importer
- vysecurity/ANGRYPUPPY - Bloodhound Attack Path Automation in CobaltStrike
- porterhau5/BloodHound-Owned - A collection of files for adding and leveraging custom properties in BloodHound.
- Coalfire-Research/Vampire - Vampire is an aggressor script which integrates with BloodHound to mark nodes as owned.
- chrismaddalena/Fox - A companion tool for BloodHound offering Active Directory statistics and number crunching
↑ Methodology and reporting
- Introducing the Adversary Resilience Methodology — Part One - Methodology using Bloodhound for defensive purposes, part one.
- Introducing the Adversary Resilience Methodology — Part Two - Methodology using Bloodhound for defensive purposes, part two.
- Active Directory Security: Beyond the Easy Button - Defensive Active Directory by Sean Metcalf
- Troopers 2019: BloodHound and the Adversary Resilience Methodology - Slide set from the Bloodhound talk at Troopers 2019. See Videos for video of this.
- BloodHound Head to Tail - Andy Robbins Rohan Vazarkar - Derbycon 2019 talk about Bloodhound. See Videos for video of this.
- BlackHat USA 2019 - Finding Our Path - BlackHat USA 2019 - Finding our Path: How We're Trying to Improve Active Directory Security
↑ Cypher
- BloodHound: Intro to Cypher - Intro to Cypher
- awsmhacks/awsmBloodhoundCustomQueries - Collection of Cypher queries
- Bloodhound Cypher Cheatsheet - Cheatsheet detailing how to write Cypher queries.
- Neo4j Drivers & Language Guides - Neo4j drivers and language guides.
- Blue Hands On Bloodhound - Data manipulation with Bloodhound.
↑ Videos
- Six Degrees of Domain Admin... - Presentation of Bloodhound from 2016 by Andy Robbins, Will Schroeder and Rohan Vazarkar.
- How BloodHound's Session Collection Works - Brief explanation of session collection by Andy Robbins (wald0).
- BloodHound 2.1's New Computer Takeover Attack - Brief explanation of a feature in Bloodhound 2.1, by Andy Robbins (wald0).
- TR19: BloodHound and the Adversary Resilience Methodology - Talk from Troopers 2019 by the Bloodhound creators about using Bloodhound defensively.
- BloodHound Head to Tail - Andy Robbins Rohan Vazarkar - Derbycon 2019 talk about Bloodhound
- BloodHound - Analyzing Active Directory Trust Relationships - Short usage video on exploring trust relationships by Raphael Mudge.
- Extending BloodHound for Red Teamers - Talk about adapting and extending Bloodhound for red team usage.
- IppSec - Sizzle - IppSec demonstrates Bloodhound collection, ingestion and usage on the box Sizzle on Hackthebox.
- IppSec - Reel - IppSec demonstrates Bloodhound collection, ingestion and usage on the box Reel on Hackthebox.
- Course BloodHound Framework 2 Download BloodHound - Bloodhound course by Matt harr0ey
↑ Ebooks
- The Dog Whisperer’s Handbook - Thorough book detailing almost everything that can be done with Bloodhound.
↑ Social
- Join the BloodHound Slack - Slack channel for talk about Bloodhound and other shenanigans.
- The Official BloodHound Swag Store - The Official BloodHound Swag Store
↑ Tips & tricks
- Submitting New Attack Primitives - Submitting New Attack Primitives in Bloodhound
- Stop Bloodhound data gathering? - @jeffmcjunkin - How to stop Bloodhound data gathering?
- Controlling AD Recon (Bloodhound) - @PyroTek3 - Controlling AD Recon (Bloodhound)
- Get help from Bloodhound - @wald0 - How do I abuse a relationship that #BloodHound is showing me?
- Computer objects in Bloodhound - @wald0 - Did you know...
- Unsupported OS - @aceb0nd - Find unsupported (and potentially vulnerable) Windows OS using this cypher query.
↑ Contributing
You can contribute by sending pull requests, creating issues with suggestions or writing to me on Twitter @chryzsh. If you want to contribute directly, you can use the following markdown templates.
* [username/github-repo](https://github.com/username/github-repo) - Brief description.
* []() -