Discover and read the best of Twitter Threads about #BloodHoundEnterprise

Most recents (6)

One year ago this week I published The Attack Path Management Manifesto, which you can read here: medium.com/p/3a3b117f5e5

It's a long read, so in this thread I'm going to give you the most succinct version of the manifesto I can:
Adversaries have been abusing identity-based attack paths -- in particular those that emerge in Active Directory environments -- for over 20 years. Why? There are three major reasons:
1. Active Directory is the FOUNDATION upon which all identity and access in the enterprise is built. Your workstation? AD auth. Your CI/CD pipeline? AD via ADFS. Your network devices? AD via RADIUS.

Control the foundation and you control the enterprise.
Read 25 tweets
Users in Azure deserve attention from attackers and defenders. But Service Principals deserve as much attention, and actually maybe deserve much more attention than users. A quick thread on why, and resources for attackers and defenders:
First, the password reset system in Azure has tiered administration baked into it. Only your T0 users can reset T0 users' passwords:
That system is amazingly effective at preventing the existence of password reset based attack paths.

But attack paths involving adding new service principal credentials can and do emerge.

And nowhere are those attack paths more difficult to audit than when they involve MIs
Read 12 tweets
The #BloodHoundEnterprise team's working culture, as explained by Marcus Aurelius, a short thread: 🧵
“The object of life is not to be on the side of the majority, but to escape finding oneself in the ranks of the insane.”

We are not afraid of challenging the status quo and doing things radically different than what came before.
“If someone is able to show me that what I think or do is not right, I will happily change, for I seek the truth, by which no one was ever truly harmed. It is the person who continues in his self-deception and ignorance who is harmed.”

Every week we have "Demo/Retro", which...
Read 7 tweets
Our #BloodHoundEnterprise customers really value measuring the exposure of any given #AttackPath so I figured I'd do a quick 🧵 to explain how this works
We'll start with an example, Riley (a regular user) has rights over a Domain Controller (Tier Zero / Critical Asset): Image
This is certainly an issue we'd want to address but how do we really assess the risk?

Let's look at who can control Riley's account.
Read 14 tweets
Three of the most common issues #BloodHoundEnterprise finds, their impacts, and how you can use FOSS #BloodHound to find and fix these issues yourself, today: 🧵
Issue #1: Domain Controller object ownership. This issue is *extremely* common and *extremely* dangerous when looking at attack path possibilities this opens up. This is also *extremely* easy to fix.
In FOSS #BloodHound, run this query using the "raw query" bar at the bottom:

MATCH (g:Group)
WHERE g.objectid ENDS WITH '-516'
MATCH p = (n:Base)-[:Owns]->(c:Computer)-[:MemberOf*1..]->(g)
RETURN p
Read 17 tweets
I am thrilled to announce #BloodHoundEnterprise, which will be released in Summer of 2021!

Learn more: specterops.io/bloodhound-ent…
View our announcement webinar: specterops.zoom.us/webinar/regist…

A thread of major points about BloodHound Enterprise: Image
Once an attacker has access to Active Directory, it's virtually guaranteed they can find an attack path resulting in the compromise of a Tier 0 asset (Domain Admin). Owning Tier 0 means owning AD. Owning AD means owning the organization, all its data, users, processes, etc.
The scale, availability, and growth of those attack paths has exposed an enormous gap in how we try to secure Active Directory today. Organizations try (and fail) to fill that gap with technologies, products, and processes.
Read 9 tweets

Related hashtags

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!