This newsletter is an effort to help organizations make better decisions about security related topics through distilling the snake-oil, advertising, and self interest into actionable data.
ADExplorerSnapshot.py - BloodHound
Red Side
This repository allows you to take an AD Explorer snapshot and ingest it into BloodHound. That way you can use a Microsoft signed binary to get most of the data you would need for a BloodHound review.
ADExplorerSnapshot.py is an AD Explorer snapshot ingestor for BloodHound. - GitHub - c3c/ADExplorerSnapshot.py: ADExplorerSnapshot.py is an AD Explorer snapshot ingestor for BloodHound.
Sally Vandeven // OR How to Pentest with AD Explorer! Mark Russinovich’s Sysinternals tools (Microsoft) are nothing new. They have been a favorite among system administrators for many, many years. Maybe a little less known is that they are super helpful for pentesters too! One of my favorites is AD Explorer. My colleague Dave Fletcher, […]
But what you are going to want to look for on your network is : adexplorer.exe -snapshot “” mysnap.dat or something similar.
And if you don’t know what BloodHound is, I would highly recommend you check it out the documentation below, but basically it’s a vulnerability scanner for Active Directory. Where normal vulnerability scanners find exploits and bugs in software, BloodHound identifies attack paths for your specific configurations of Active Directory.
BloodHound uses graph theory to reveal the hidden and often unintended
relationships within an Active Directory environment. As of version 4.0, BloodHound
now also supports Azure. Attackers can use
BloodHound to easily identify highly complex attack paths that would otherwise
be impossible to quickly identify. Defenders can use BloodHound to identify
and eliminate those same attack paths. Both blue and red teams can use
BloodHound to easily gain a deeper understanding of privilege relationships in
an Active Directory environment.
It does take a pretty decent knowledge of Active Directory to understand those attack paths, that’s the part where it’s open source. They do have an enterprise verison:
From the creators of BloodHound, an Attack Path Management solution that continuously maps and quantifies Active Directory Attack Paths. Remove millions of Attack Paths within your existing architecture and eliminate the attacker’s easiest, most reliable, and most attractive target.
Because the Active Directory security lies in the process and not in expensive tools, our solution is simple: download PingCastle and apply its methodology.
I am not sponsored or paid by any company these are just recommendations from a pentester who is tired of breaking in to Active Directory the same ways each time.
Here we take the news, knowledge, and experiences, grind it up into actual useable bits, and share it out to you. What you do with it, well that's up to you.
