My notes:
- More useful for Blue Team (than Red Team).
- A very noisy domain enumeration tool at network.
- 2 parts: Ingestors and GUI.
- snapshot of the status pf AD.
- Find all Domain Admins
- Show the shortest path to Domain Admins
- Show principals with DCSync rights
- Map domain trusts
- show shortest paths to unconstrained delegation systems
- show shortest paths from kerberoastable users
- show shortestpatch to domain admins from kerberoastable users
- show shortest paths from owned principals
- show shortest paths to domain admins from owned principals
- show shortest paths to high value targets
. .\SharpHound.ps1
Invoke-BloodHound -CollectionMethod All -Verbose
c:\neo4j\neo4j-win\bin\neo4j.bat
bolt:localhost:7687
neo4j:neo4j
Invoke-BloodHound -CollectionMethod LoggedOn -Verbose
# Avoid detection like ATA
Invoke-BloodHound -CollectionMethod All -ExcludeDC