This article discusses why accurately defining Tier Zero in BloodHound Enterprise (BHE) matters for managing and understanding Attack Path Findings, so that organizations can assess the risks in their environment.
Key points:
- Tier Zero refers to a set of assets controlling enterprise identities and their security dependencies.
- Accurate Tier Zero classification aids in reducing confusion regarding Attack Path Findings in BHE tenants.
- Default Tier Zero options include critical domain objects such as Domain Admins, Domain Controllers, and Enterprise Admins.
- Entities not included by default may include accounts or groups that increase exposure risk to Tier Zero.
- Custom Tier Zero assets can be added through the Explore Page or the Group Management page.
- Additions to Tier Zero may reveal new Findings, highlighting pathways that require attention.
- Clearer Tier Zero definitions enhance visibility, revealing permissions and misconfigurations in Active Directory.
- Changing the Tier Zero definition impacts the visibility of risk pathways without necessarily reducing or increasing the number of Findings.
- Effective Tier Zero contextualization is crucial for accurately identifying exposure risks to critical assets.
- Future articles will focus on identifying sources of exposure using Cypher queries.
Full Story: https://posts.specterops.io/getting-started-with-bhe-part-2-fbeeeb2501ee?source=rss----f05f8696e3cc---4