
New Video from @_JohnHammond Discusses Latest Updates and Features of BloodHound
In this video, John Hammond interviews Andy Robbins and Justin Kohler from SpecterOps to discuss the latest updates and features of BloodHound, a widely used cybersecurity tool for mapping permissions and attack paths in Active Directory and Azure environments. The discussion begins with a historical overview of BloodHound, which was initially launched in 2016 at the DEF CON conference, and its evolution since then.
BloodHound has evolved significantly, transitioning from "BloodHound Legacy" to "BloodHound Community Edition," integrating many new attack primitives and relationships in Active Directory, as well as Entra and Azure attack paths. The Enterprise version of BloodHound, launched in 2021, enables defenders to find and remediate attack paths at scale, isolating super administrators and other critical principals.
One of the most exciting new features is "BloodHound OpenGraph," which allows researchers to model attack paths in any platform. This feature has been quickly adopted by the community, with examples of modeling attack paths in environments like Kubernetes and 1Password. The speed at which new models can be created and integrated is impressive, paving the way for broader exploration of attack paths in various environments.
The video also highlights the new table view in BloodHound, which allows for more efficient data representation, especially when there are no relationships between objects. This feature is particularly useful for remediation and target selection by red teams. Additionally, a new Cypher query library has been introduced, enabling users to find and execute interesting queries without having to write them themselves.
Another strength of the update is BloodHound's ability to model hybrid attack paths, combining multiple platforms like Active Directory, Azure, and SaaS services like GitHub. This feature allows for the visualization of complex attack paths that traverse multiple environments, providing a more comprehensive view of potential risks.
For BloodHound Enterprise users, a new feature called "Privilege Zones" allows the creation of arbitrary classes of identities and resources, and the modeling of attack paths towards these assets. This helps in understanding how privileges can be used to access sensitive information, even if the user does not have direct access to this information.
In conclusion, the updates to BloodHound provide powerful tools for security teams, both on the attack and defense sides. The new features enable deeper exploration of attack paths and more effective remediation, while offering increased flexibility for modeling complex and hybrid environments.
To learn more, watch the full video at the following address: https://www.youtube.com/watch?v=kVOjXGbm_Ro