search

BloodHound

hashtag
Configure collector(SharpHound)

  • First use Invisi shell then again bypass .net AMSI for powershell using the provided AMSI bypass in lab manual then

. C:\AD\Tools\BloodHound-master\Collectors\SharpHound.ps1
Invoke-BloodHound -CollectionMethod All

OR

SharpHound.exe --CollectionMethods All

hashtag
Less detection

Invoke-BloodHound -Stealth
SharpHound.exe --Stealth

hashtag
Avoid MDI Detections

Invoke-BloodHound -ExcludeDCs

hashtag
NOTE:

Use compitable version of bloodhound and sharphound

hashtag
To-do

  • Upload the data to bloodhound and check shortest path to domain admins, this should be done after doing priv esc on compromised machine and finding local admin access because latest version of bloodhound 4.2.0 has a bug where it doesnot show a user's local admin rights on another machine.

PreviousMimikatzNextLateralMovement

Last updated