This article provides guidance on effective data collection and permission settings within BloodHound Enterprise (BHE) to ensure maximum visibility of your Active Directory environment and minimize exposure risks.
Key points:
- Attack Path visibility relies on comprehensive data collection, which is contingent on the permissions granted to the collector, SharpHound.
- Collection strategy benefits from a tiered approach that mirrors how the domain itself is tiered, with each collector scoped to the tier it covers.
- Understanding and defining Tier Zero is essential for identifying potential exposure risks in the environment.
- Active Directory Structure Data is the baseline requirement for BloodHound Enterprise functionality.
- Permission scopes affect the level of visibility into credential theft risks, privilege escalation, and misconfigurations.
- SharpHound and AzureHound can run on the same server, but resource allocation should be carefully managed, especially in large environments.
- Utilizing a Tiered SharpHound deployment enhances data collection and minimizes unnecessary exposure.
- Follow specific hardening guidance for the SharpHound service account, such as using a group managed service account (gMSA).
- Higher permissions lead to greater visibility; thus, additional collection may be necessary for full exposure management.
- Future discussions will explore steps following successful data collection, particularly focusing on contextualizing Tier Zero.
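As an added example, not taken from the original post or from BloodHound Enterprise's own tooling, the PowerShell sequence below provisions a group managed service account for the SharpHound collector and restricts password retrieval to the collector hosts, which is the access control that makes a gMSA safer than a shared password. The domain name, group name, collector host name and Windows service name are assumptions chosen for illustration; replace them with your own.

```powershell
# Added example (not from the original post): provision a gMSA for the
# SharpHound collector and restrict which hosts may retrieve its password.
# Assumptions: the CORP domain 'corp.example', the group 'SharpHound-Collectors',
# the collector host 'COLLECTOR01' and the service name in $ServiceName.
Import-Module ActiveDirectory

$Domain    = 'corp.example'
$GmsaName  = 'sharphound-gmsa'
$HostGroup = 'SharpHound-Collectors'
$Collector = 'COLLECTOR01'

# 1. A KDS root key must exist before any gMSA can be created. Even with
#    -EffectiveImmediately the key is usable only after ~10 hours, so plan
#    for the delay rather than backdating the key in production.
if (-not (Get-KdsRootKey)) {
    Add-KdsRootKey -EffectiveImmediately
}

# 2. Put collector hosts in a dedicated group. Only members of this group can
#    retrieve the managed password, so membership is the boundary to guard.
if (-not (Get-ADGroup -Filter "Name -eq '$HostGroup'")) {
    New-ADGroup -Name $HostGroup -GroupScope Global -GroupCategory Security `
        -Description 'Hosts permitted to run the SharpHound collection service'
}
Add-ADGroupMember -Identity $HostGroup -Members (Get-ADComputer $Collector)

# 3. Create the gMSA with AES-only Kerberos. Do not add it to privileged
#    groups; delegate only the read scope the collection tier needs.
New-ADServiceAccount -Name $GmsaName `
    -DNSHostName "$GmsaName.$Domain" `
    -PrincipalsAllowedToRetrieveManagedPassword $HostGroup `
    -KerberosEncryptionType AES128, AES256 `
    -Enabled $true

# 4. On the collector host (reboot first so its token reflects the new group
#    membership, and grant the gMSA "Log on as a service"): install, verify,
#    then point the service at the account. The service name is an assumption;
#    confirm it with Get-Service on the collector before running this step.
Install-ADServiceAccount -Identity $GmsaName
if (-not (Test-ADServiceAccount -Identity $GmsaName)) {
    throw "This host cannot retrieve the managed password for $GmsaName"
}
$ServiceName = 'SHService'   # assumption: replace with the real service name
$NetBios = (Get-ADDomain).NetBIOSName
# gMSA logons use the account name with a trailing '$' and an empty password.
sc.exe config $ServiceName obj= "${NetBios}\${GmsaName}`$" password= ""
Restart-Service -Name $ServiceName
```

Steps 1 to 3 run on a domain controller or a host with the AD PowerShell module and rights to create accounts; step 4 runs on each collector. If `Test-ADServiceAccount` returns false, the usual cause is that the host joined the group before it was rebooted, so its Kerberos token does not yet carry the group SID.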
Full Story: https://posts.specterops.io/getting-started-with-bhe-part-1-f33c20c6f6f2?source=rss----f05f8696e3cc---4