Pwned by the Mail Carrier

How MS Exchange on-premises compromises Active Directory and what organizations can do to prevent that. At SpecterOps, we recommend our customers establish a security boundary around their most critical assets (i.e., Tier Zero) of ...
Final Steps to BloodHound Federal — FedRAMP High Compliance

Ever since SpecterOps first launched BloodHound Enterprise (BHE) in July 2021, one of our team’s biggest frustrations involved a lack of FedRAMP qualifications, which prevented us ...
The Most Dangerous Entra Role You’ve (Probably) Never Heard Of

Entra ID has a built-in role called “Partner Tier2 Support” that enables escalation to Global Admin, but this role is hidden from view in the Azure portal GUI. Why it matters: An adversary may target the ...
Andy Robbins (RedZone) - Azure Backdoors: How to Hide Them, How to Find Them - Ekoparty 2022

Directory.ReadWrite.All Is Not As Powerful As You Might Think

Directory.ReadWrite.All is an MS Graph permission that is frequently cited as granting high amounts of privilege, even being equated to the Global Admin Entra ID role. Why it matters: Azure admins and security professionals may put ...
Microsoft Breach: What Happened? What Should Azure Admins Do?

Microsoft Breach — How Can I See This In BloodHound?

Summary: On January 25, 2024, Microsoft announced Russia’s foreign intelligence service (i.e., Sluzhba vneshney razvedki Rossiyskoy Federatsii [SVR]) breached their corporate Entra ID environment. We reviewed the ...
AD CS Attack Paths in BloodHound

ADCS Attack Paths in BloodHound — Part 1

Since Will Schroeder and Lee Christensen published the Certified Pre-Owned whitepaper, the BloodHound Enterprise team at SpecterOps has been eager to implement Active Directory Certificate Services (ADCS) attack ...
Cypher Queries in BloodHound Enterprise

BloodHound Enterprise (BHE) recently saw the addition of a new, game-changing feature: open-ended Cypher searches. For those unfamiliar, Cypher is a declarative query language used for retrieving data from a graph database ...
Comparison Draw 200 Nodes

BloodHound Community Edition: A New Era

I’m proud to announce the availability of BloodHound Community Edition (BloodHound CE)! What you need to know: The free and open-source version of BloodHound is now known as BloodHound CE and will remain free and ...
BloodHound Enterprise Learns Some New Tricks

Summary: The BloodHound code-convergence project brings some significant and long-desired feature enhancements to BloodHound Enterprise (BHE): Cypher search, including pre-built queries for AD and Azure; built-in support for offline data collection (i.e., control systems or acquisition ...
Your new best friend: Introducing BloodHound Community Edition

Summary: SpecterOps is pleased to announce BloodHound Community Edition (CE) will be available in early access on August 8, 2023! In this blog: BloodHound is now BloodHound CE; new name, slightly different look, same purpose ...