Dec 30, 2021

Infosec Journal - Issue #1

Infosec Journal Crew

This newsletter is an effort to help organizations make better decisions about security related topics through distilling the snake-oil, advertising, and self interest into actionable data.

ADExplorerSnapshot.py - BloodHound

Red Side

This repository allows you to take an AD Explorer snapshot and ingest it into BloodHound. That way you can use a Microsoft signed binary to get most of the data you would need for a BloodHound review.

GitHub - c3c/ADExplorerSnapshot.py: ADExplorerSnapshot.py is an AD Explorer snapshot ingestor for BloodHound.

ADExplorerSnapshot.py is an AD Explorer snapshot ingestor for BloodHound. - GitHub - c3c/ADExplorerSnapshot.py: ADExplorerSnapshot.py is an AD Explorer snapshot ingestor for BloodHound.

github.com

Blue Side

If you want to know why this is important or how this tool has been used in the past go check out the BHIS blog post:

Domain Goodness - How I Learned to LOVE AD Explorer - Black Hills Information Security

Sally Vandeven // OR How to Pentest with AD Explorer! Mark Russinovich’s Sysinternals tools (Microsoft) are nothing new. They have been a favorite among system administrators for many, many years. Maybe a little less known is that they are super helpful for pentesters too! One of my favorites is AD Explorer. My colleague Dave Fletcher, […]

www.blackhillsinfosec.com

But what you are going to want to look for on your network is : adexplorer.exe -snapshot “” mysnap.dat or something similar.

And if you don’t know what BloodHound is, I would highly recommend you check it out the documentation below, but basically it’s a vulnerability scanner for Active Directory. Where normal vulnerability scanners find exploits and bugs in software, BloodHound identifies attack paths for your specific configurations of Active Directory.

BloodHound: Six Degrees of Domain Admin — BloodHound 3.0.3 documentation

BloodHound uses graph theory to reveal the hidden and often unintended relationships within an Active Directory environment. As of version 4.0, BloodHound now also supports Azure. Attackers can use BloodHound to easily identify highly complex attack paths that would otherwise be impossible to quickly identify. Defenders can use BloodHound to identify and eliminate those same attack paths. Both blue and red teams can use BloodHound to easily gain a deeper understanding of privilege relationships in an Active Directory environment.

bloodhound.readthedocs.io

It does take a pretty decent knowledge of Active Directory to understand those attack paths, that’s the part where it’s open source. They do have an enterprise verison:

Attack Paths are a big difficult complex serious problem.

From the creators of BloodHound, an Attack Path Management solution that continuously maps and quantifies Active Directory Attack Paths. Remove millions of Attack Paths within your existing architecture and eliminate the attacker’s easiest, most reliable, and most attractive target.

bloodhoundenterprise.io

I would also recommend checking out PingCastle which does similar work:

Home - PingCastle

Because the Active Directory security lies in the process and not in expensive tools, our solution is simple: download PingCastle and apply its methodology.

www.pingcastle.com

I am not sponsored or paid by any company these are just recommendations from a pentester who is tired of breaking in to Active Directory the same ways each time.

Did you enjoy this issue? Yes No

Infosec Journal Crew @mubix

Here we take the news, knowledge, and experiences, grind it up into actual useable bits, and share it out to you. What you do with it, well that's up to you.

In order to unsubscribe, click here.

If you were forwarded this newsletter and you like it, you can subscribe here.

Created with Revue by Twitter.