Skip to content

Groups

Jump to bottom Edit New page
Andy Robbins edited this page Aug 6, 2016 · 3 revisions

Clicking on a group node will populate the Node Info tab with information about that group:

BloodHound Computer Node Tab

-Direct Members: These are the users and groups that are explicitly added to this group. This is the information you would see when typing net group groupname /domain

-Unrolled Members: These are all of the effective group memberships for the group. This is the equivalent of running Get-NetGroup -GroupName groupame -Recurse

-Direct Admin To: These are the computers where the group itself is added explicitly as a local administrator on a system.

-Derivative Admin To: These are the computers the effective members of the group can gain administrator rights to by impersonating a user currently using a computer the user has administrator privileges to, regardless of how deep this chaining goes.

-Sessions: These are all the computers the ingestor identified the effective users of the group as logged onto during collection.

Add a custom footer

Overview

  1. Home
  2. Getting started
  3. Building BloodHound from source
  4. Running BloodHound dev server

Data Collection

  1. Intro
  2. PowerShell ingestor
  3. CSV ingestion
  4. Ingestion through C2

Using the Interface

  1. Intro
  2. Users
  3. Computers
  4. Groups
  5. Pathfinding

Advanced

  1. Cypher query language
  2. BloodHound graph design
  3. neo4j REST API
  4. BloodHound CSV format
Clone this wiki locally