Bloodhound is a tool for quickly gathering and visualizing Active Directory attack paths.
- Always use SharpHound.exe (and any other Bloodhound ingestor) matching current bloodhound version
- Go to Bloodhound GitHub page. Navigate to the collectors and download the SharpHound available there. If another bloodhound version is used (other than the latest), then try to view the repository under another version tag.
- Remember to use
SharpHound -c all
(if possible; also consider stealth mode / DC only) - Mark owned principals and scrummage through each item under the principal (e.g. permissions, delegations, group memberships, etc)
- Check out the default searches (e.g. shortest paths from owned principals)