
Active Directory BloodHound Medium
This module covers AD enumeration focusing on the BloodHound tool. We will cover various techniques for enumerating key AD objects that will inform our attacks in later modules.
Created by
mrb3n
Co-Authors:
ippsec, plaintextHTB
Summary
This module introduces the BloodHound tool. We will learn how to gather and analyze data gathered using the SharpHound ingestor and how this information can be used as input to other tools during later parts of an AD-focused penetration test. In this module, we will cover:
- Enumerating key AD objects such as users, groups, computers, ACLs, and GPOs
- Enumerating AD trust relationships
- Analyzing BloodHound and other tool data
- AD enumeration from a non-domain joined Linux and Windows attack box as well as a compromised domain-joined host
- Extending BloodHound by writing custom Cipher queries
This module is broken down into sections with accompanying hands-on exercises to practice each of the tactics and techniques we cover. The module ends with a practical hands-on skills assessment to gauge your understanding of the various topic areas.
As you work through the module, you will see example commands and command output for the various topics introduced. It is worth reproducing as many of these examples as possible to reinforce further the concepts introduced in each section. You can do this in the Pwnbox provided in the interactive sections, Windows machines in a lab environment as directed, or your own virtual machine.
You can start and stop the module at any time and pick up where you left off. There is no time limit or "grading," but you must complete all of the exercises and the skills assessment to receive the maximum number of cubes and have this module marked as complete in any paths you have chosen.
The module is classified as "Medium." It assumes a working knowledge of Active Directory, the Linux and Windows command line, PowerShell, an understanding of information security fundamentals, and a firm grasp of AD enumeration processes and techniques.
A firm grasp of the following modules can be considered prerequisites for successful completion of this module:
- Introduction to Networking
- Linux Fundamentals
- Active Directory LDAP
- Active Directory PowerView
Sections
- BloodHound Overview
- BloodHound Data Collection
- BloodHound Python
- Analyzing BloodHound Data
- Extending BloodHound - Custom Cypher Queries
- Active Directory Bloodhound - Skills Assessment
Relevant Paths
This module progresses you towards the following Paths

Hard 27 Sections
Cubes Required: 2500
Active Directory (AD) is widely used by companies across all verticals/sectors, non-profits, government agencies, and educational institutions of all sizes. By its nature, AD is easily misconfigured and has many inherent flaws and widely known vulnerabilities. Due to the sheer number of objects and in AD and complex intertwined relationships that form as an AD network grows, it becomes increasingly difficult to secure and presents a vast attack surface. AD environments can become quite large and often hold many obvious and more difficult to discover flaws. A deep understanding of AD enumeration techniques and tools is essential to becoming a well-rounded information security professional.