BloodHound: Open-source Pentesting Tool to Map Active Directory & Azure Attack Path

SpecterOps announced BloodHound Community Edition (CE), which will be available in early access on August 8, 2023!

SpecterOps is a cybersecurity company that provides services and training solutions to help enterprises defend against attacks.

BloodHound Enterprise is the company’s first defense solution for enterprise security and identity teams.

SpecterOps released version 5.0 of BloodHound Community Edition (CE), a free and open-source penetration testing solution that maps attack paths in Microsoft Active Directory (AD) and Azure environments.

With the release of BloodHound CE, both CE and BloodHound Enterprise (BHE) now run on the same base code. 

This deduplication of effort will enhance the ability to deliver, test, and maintain the BloodHound product family.

And will allow better tracking and managing bug reports and feature requests across the BloodHound product family, making everything faster and more efficient, said the Bloodhound team.

BloodHound Community Edition

This update brings many enterprise-grade usability features to BloodHound CE, like containerized deployment, REST APIs, user management, and access control. 

It also significantly improves performance while streamlining development allowing for faster development and incorporation of community contributions.

Updates to BloodHound Enterprise include the ability to run custom Cypher queries, which will let Enterprise users explore and gather additional information from their directory service infrastructure.

“Previously, users needed to manually download and install the individual components of BloodHound, including a specific version of a specific graph database management system,” Robbins said. 

“This was a complicated process that could take hours. Now, everything needed to run BloodHound CE is packaged in a container so the correct versions of all necessary software will download and install with a single click.”

The containerized deployment will also enable enterprise-grade user management with multi-user support through role-based access control (RBAC).

“Our commitment to the BloodHound community and the goals of the project remain the same as always: helping penetration testers and defenders uncover the hidden, unintentional, and exploitable relationships in Active Directory.”

BloodHound Enterprise users will now be able to write custom Cypher queries to explore their active directory (AD) environments with safeguards in place, borrowed from Bloodhound CE, to prevent queries from accidentally causing security or performance issues. 

All previous versions of BloodHound (everything before v5.0) will be referred to as “BloodHound Legacy” and will remain available going forward.

Bloodhound Pentesting

The company confirmed the BloodHound CE release blog from “Andy Robbins” co-creator of BloodHound and principal product architect at SpecterOps, on August 8, 2023, will go live alongside all the new early access codes. 

And the company is showcasing the new capabilities at the Black Hat conference on August 9.

BloodHound was created in 2016 by Rohan Vazarkar, Will Schroeder, and Andy Robbins. BloodHound has been recommended by the US Cybersecurity Infrastructure Security Agency (CISA) and by Microsoft to help secure Microsoft Active Directory and Azure AD.

Keep yourself informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.

Sujatha is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under her belt in Cyber Security, she is covering Cyber Security News, technology and other news.