1. BloodHound
Description:
BloodHound is a tool used to analyze Active Directory (AD) environments and identify attack paths within AD networks. It is used to find relationships between AD objects, such as users, computers, and groups, which can be leveraged for privilege escalation or lateral movement.
Examples:
- Ingest AD Data:
- SharpHound.exe -c All
- Ingest AD Data:
Explanation: Uses SharpHound to collect AD data on the network. The data is then imported into BloodHound for graphical analysis.
- Analyze Attack Paths:
- Load the collected data into BloodHound and use the “Shortest Path” feature to find the quickest way to escalate privileges. Explanation: BloodHound provides visual representations of attack paths that can be leveraged to gain domain admin privileges or access sensitive resources.
- Analyze Attack Paths: