Hands-on BloodHound - Intro to Cypher Workshop

BloodHound is a unique open-source Active Directory object relationship graphing tool. Initially designed for offensive purposes, it has also become a tool of choice for defenders and AD admins wanting a clearer picture of their domains/forest. In this workshop, attendees will learn the core BloodHound concepts and UI features before diving into Cypher, the Neo4j database query language. Understanding the basic Cypher syntax is important for users who want to get the most out of BloodHound.

After introducing the basic concept behind BloodHound and its main features, we will dive into Cypher queries, basic and advanced, including metrics. Various Cypher input techniques will be demonstrated, as well as a custom PowerShell tool built to interact with the database and allow for advanced BloodHound automation. This is a hands-on training and there will be a good share of practice. Attack paths will be studied and tested in the lab with PowerShell Empire as an attack framework. We will also study how to manipulate the database at scale from the command line in order to test hardening hypotheses.

Prerequisites

Understanding of core AD concepts. Affinity with code and DIY (basic scripting knowledge) is a plus.

Requirements

Laptop with hypervisor

About the Speaker