BECOME A BLOODHOUND OPERATORYou hear some of the Red teamers talk about Attack Paths, OpenGraph, and Cypher queries but you are not sure what it’s all about? No worries, we’ve got you covered. We’ll take you from new BloodHound user to power-level-over-9000-BloodHound-Ninja. During this workshop, we start from the basics and guide you from setup all the way to becoming a capable, hands-on BloodHound operator.
This workshop is aimed at
new to intermediate BloodHound users. Besides a laptop and limited technical knowledge, there are
no special requirements for joining.
Join us and learn to understand Attack Paths like adversaries do.
AbstractThis one-day workshop introduces the core concepts and terminology associated with BloodHound, details the basics BloodHound usage, and discusses possible BloodHound extensions. The workshop alternates lectures and hand-on lab exercises (~50/50). Trainees will learn how to install, configure, and operate BloodHound Community Edition. The goal is to get everyone familiar with all aspects of BloodHound, so that it will hold no secrets for them after this workshop.
Workshop outlineDuring the workshop, we will cover the following topics:
Module 1 - Concepts & Components- Thinking in Graphs
- Graph Theory & Graph Terminology
- BloodHound Evolution
- BloodHound Data Model
- BloodHound Application Components
- BloodHound Code & Documentation
- BloodHound Slack
Module 2 – Installation & Discovery- Installing BloodHound
- Initial Login
- UI Discovery
- Basic Docker Commands
Module 3 - Data Collection & Ingestion- Downloading Collectors
- SharpHound Data Collection
- AzureHound Data Collection
- Ingesting Data & Data Quality
- Ingestion Under the Hood
- Deleting Data
Module 4 - Data Exploration & Cypher Basics- Retrieving Nodes & Properties
- Retrieving Edges & Paths
- Built-In Queries
- Intro to Cypher
- Custom Queries
- Cypher Tips & Tricks
Module 5 - BloodHound Administration- User Management
- SSO Configuration
- Config & Early Feature Access
Module 6 - BloodHound API & Automation- API Explorer
- API Tokens
- Request Signature
- API Call
- Running Cypher Queries
Module 7 - Advanced BloodHound Usage- Direct DB Access
- Mutating Queries
- OpenGraph
- Integration Concepts
- BloodHound Related Tooling
- BHOperator Demo
Extra InfoThis is not an Active Directory training, but we will talk about it a lot.
This is not an Offensive tradecraft course, but we will talk about it a lot.
And of course, we are happy to discuss any questions that come up during the workshop.
What to expect?The workshop takes
4 to 6 hours in classes up to
20 people. We aim for an open and intimate setting, where everyone is free to share and ask questions.
Basic
Active Directory,
Azure and
InfoSec knowledge is required. Offensive security knowledge is
not required.
Bring
a laptop capable of running
BloodHound Community Edition in Docker, as this is
a hands-on workshop. Make sure Docker Desktop is installed before the Workshop.
