


Active Directory (AD) is a vital part of many IT environments out there. It allows IT departments to deploy, manage and remove their workstations, servers, users, user groups etc. But ‘structured’ does not always mean ‘clear’. Privilege creep, whereby a user collects more and more user rights over time (or as they change positions in an organization), is a dangerous issue. The wide range of AD configuration options also allows IT administrators to enable a number of unsafe settings, potentially opening the door for attackers to sneak through.

For Red Teamers who have obtained a foothold in a customer’s network, AD can be a real treasure trove. You may find paths to Domain Administrator, gain access to and control over crucial resources, and discover paths for lateral movement towards parts of the environment that are less heavily monitored than the workstation that served as the likely initial access point.

For engineers, auditing AD environments is vital to make sure attackers will not find paths to higher privileges or lateral movement inside the AD configuration. A pentester discovering a Windows domain during post-exploitation, which will be the case in many Red Team exercises, will need to assess the AD environment for any weaknesses.

That’s where BloodHound comes in: a tool for analysing AD rights and relations, focusing on the ones an attacker may abuse. After collecting AD data using one of the available ingestors, BloodHound maps out AD objects (users, groups, computers, …) and the access rights between them, then queries these relationships to discern those that may lead to privilege escalation, lateral movement, etc.

In this blog post, we will be discussing:

- How to collect AD data through ingestors.
- Interesting queries against the backend database.

We will be looking at user privileges, local admin rights, active sessions, group memberships etc. A basic understanding of AD is required, though not much.

1. BloodHound installation

BloodHound can be installed on Windows, Linux or macOS. Although all these options are valid, for the purpose of this article we will be using Ubuntu Linux. An extensive installation manual is available here ( ). There’s not much we can add to that manual; just walk through the steps one by one.
