This guide explains BloodHound Community Edition's installation, backend setup, data collection methods (SharpHound, bloodhound-python, NetExec, Metasploit), and how to analyze Active Directory attack paths in the UI. It also highlights key queries and real-world findings such as DCSync and AS-REP risks, LAPS and GMSA exposures, ACL abuse, and identified high-value accounts in IGNITE.LOCAL. #BloodHound #IGNITE_LOCAL
Key points
- BloodHound CE maps AD relationships to reveal privilege escalation and domain compromise paths.
- Install on Kali with apt and run bloodhound-setup, then change the Neo4j default password and update /etc/bhapi/bhapi.json.
- Collect data using SharpHound, bloodhound-python, NetExec, or the Metasploit ingestor and upload JSON/ZIP files to the UI.
- Use built-in Cypher queries to find Domain Admins, DCSync privileges, AS-REP roastable users, and LAPS/GMSA issues.
- Analysis surfaces high-value pivots and ACL abuse vectors like AddSelf, ForceChangePassword, GenericWrite, WriteOwner, and GenericAll.
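As an added example (not code from the linked article or from the BloodHound project), here is a defender-side check for the ACL rights listed above: it reads collector JSON and reports those five rights when they are held by principals outside an expected privileged set. The JSON layout (data, Aces, PrincipalSID, RightName, IsInherited) is assumed to follow SharpHound's output; the SIDs, account names and the EXPECTED_SUFFIXES allow-list are constructed for illustration.

```python
import json

# ACL rights the key points above name as abuse vectors.
RISKY_RIGHTS = {"AddSelf", "ForceChangePassword", "GenericWrite", "WriteOwner", "GenericAll"}
# Principals expected to hold such rights, matched by SID suffix (assumption: tune to
# your tiering model): Domain Admins, Enterprise Admins, BUILTIN\Administrators, SYSTEM.
EXPECTED_SUFFIXES = ("-512", "-519", "S-1-5-32-544", "S-1-5-18")

DOM = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed domain SID
# Constructed sample shaped like a collector users.json file (not real data).
SAMPLE = json.loads("""
{"meta": {"type": "users", "count": 2},
 "data": [
  {"ObjectIdentifier": "%(d)s-1104", "Properties": {"name": "ALICE@IGNITE.LOCAL"},
   "Aces": [
    {"PrincipalSID": "%(d)s-512", "PrincipalType": "Group", "RightName": "GenericAll", "IsInherited": true},
    {"PrincipalSID": "%(d)s-1107", "PrincipalType": "User", "RightName": "ForceChangePassword", "IsInherited": false},
    {"PrincipalSID": "%(d)s-1107", "PrincipalType": "User", "RightName": "WriteDacl", "IsInherited": false}]},
  {"ObjectIdentifier": "%(d)s-1105", "Properties": {"name": "BOB@IGNITE.LOCAL"},
   "Aces": [
    {"PrincipalSID": "IGNITE.LOCAL-S-1-5-32-544", "PrincipalType": "Group", "RightName": "WriteOwner", "IsInherited": true},
    {"PrincipalSID": "%(d)s-1110", "PrincipalType": "Group", "RightName": "GenericWrite", "IsInherited": true}]}
 ]}
""" % {"d": DOM})


def audit_aces(collection, rights=RISKY_RIGHTS):
    """Return risky ACEs held by principals outside the expected privileged set."""
    findings = []
    for obj in collection.get("data", []):
        target = obj.get("Properties", {}).get("name") or obj.get("ObjectIdentifier")
        for ace in obj.get("Aces") or []:
            sid = ace.get("PrincipalSID", "")
            if ace.get("RightName") in rights and not sid.upper().endswith(EXPECTED_SUFFIXES):
                findings.append({"target": target, "principal": sid,
                                 "right": ace["RightName"],
                                 # Inherited ACEs must be fixed on the parent OU/container.
                                 "inherited": bool(ace.get("IsInherited"))})
    return findings


if __name__ == "__main__":
    for finding in audit_aces(SAMPLE):
        print(finding)
```

Pass a wider `rights` set to cover other collected rights; the default is limited to the five named on this page.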
Read More: https://www.hackingarticles.in/active-directory-enumeration-bloodhound/