Skip to content

@rvazarkar rvazarkar released this Mar 12, 2019 · 8 commits to master since this release

This release fixes a large number of bugs, as well as adds the AddAllowedToAct and AllowedToAct edges to exploit the Resource Based Constrained Delegation attack. For more details, see the blog post on the SpecterOps Blog here

Assets 8

@rvazarkar rvazarkar released this Jan 15, 2019 · 37 commits to master since this release

This is a bugfix release.

Fixed bugs with GPLink ingestion as well as some Ace filtering.

Assets 8

@rvazarkar rvazarkar released this Nov 6, 2018 · 39 commits to master since this release

This is mostly a maintenance release with some bug fixes and a few small new features.

New Features

  • Added Cannot Be Delegated to user properties
  • Added Dont Require Preauth to user properties (for ASREP roasting)
  • Add LdapFilter option to fine tune collection (thanks @Tifkin)

Bug Fixes

  • Fix notes field in dark mode
  • Fixed various null pointer exceptions in data collection
  • Fixed several help modal texts
  • Fixed ACEs not actually importing for computer objects (thanks @dirkjanm )
  • Fixed swapped menu icons
  • Default LDAP to target primary domain controller
  • Properly chunk data import so it doesn't die horribly
Assets 8
Aug 18, 2018
Update readme

@rvazarkar rvazarkar released this Aug 17, 2018 · 65 commits to master since this release

This release expands GPO collection to include RDP and DCOM groups added via Group Policy.

It also expands GPO collection to include groups added to the administrators group via the member property. Huge thanks to @jonas2k for his pull request.

We've also added more data to node displays, and fixed some ingestion bugs

Assets 8

@rvazarkar rvazarkar released this Aug 15, 2018 · 70 commits to master since this release

This is a bugfix release containing several fixes for issues reported by the community.

Special thanks to community members for helping to fix some of these bugs.

Bugfixes

Crash when using upload button (#200)
Fix for relayout button (#201)
Fix for crash when trying to enumerate enterprise DC group
Fix missing/incorrect documentation (Thanks @ClementNotin @elitest @jonas2k @Crypt0-M3lon)

Assets 8

@rvazarkar rvazarkar released this Aug 7, 2018 · 81 commits to master since this release

This is a major feature release for BloodHound, introducing several new features, optimizations, and bugfixes. For a full changelog, see the blog post at https://blog.cptjesus.com/posts/bloodhound20

OLD DATABASES WILL NOT BE FULLY COMPATIBLE WITH BLOODHOUND 2.0

Changelog

User Interface

  • Added 4 new edges - ExecuteDCOM, CanRDP, AllowedToDelegate, ReadLAPSPassword
  • Rewrote ingestion logic to support new JSON
  • Added Drag and Drop Ingestion Support
  • Added new properties on nodes
  • Added the ability to add Edges and Nodes from the UI
  • Added the ability to delete Edges and Nodes from the UI
  • Added the ability to modify Nodes in the UI
  • Added attack primitive help text
  • Added High Value/Owned Designators to Nodes (Original idea by @porterhau5)
  • Added Notes + Pictures to Nodes
  • Added a beta dark mode (Original idea by @sadprocessor)
  • Added right click context menu to edges + empty graph space
  • Optimized a few queries
  • New Loading Gif (Credit to Elizabeth Ostasiewski)
  • Fixed some bugs in ingestion logic (Thanks @_dirkjan)

SharpHound

  • Rewrote output to JSON
  • Merged LDAP queries to improve performance
  • Cached LDAP connections to improve performance (Credit to @Meatballs__)
  • Added DCOnly Collection Method
  • Added ACL collection for computers
  • Defaulted output to Zip, added EncryptZip, ZipFileName, RandomFilenames, NoZip parameters
  • Made all node properties lower case
  • Fixed issues with Global Catalog searching
  • Fixed several minor issues in ACL logic
Assets 8

@rvazarkar rvazarkar released this Apr 13, 2018 · 162 commits to master since this release

This is a hotfix release for BloodHound 1.5.0, and contains the following changes:

  • Fixed a major issue in cross-domain object resolution (thanks @dirkjan in the BloodHound slack)
  • Fixed the effective inbound GPO query on Computers/Users (thanks @qlemaire for the pull request)
  • Added quoting to CSV files to escape GPO and OU objects with commas
  • Added parsing of groups.xml for GPOLocalGroup
  • Add inbound object control to the GPO tab
  • Fix ACL ingestion query to properly index on name instead of GUID for GPOs

If you have a BloodHound cache file, please delete it or use the --Invalidate switch to create a new one and fix any invalid cached domain lookups.

Assets 8
You can’t perform that action at this time.