Tool: BloodHound

Description

[BloodHound](https://attack.mitre.org/software/S0521) is an Active Directory (AD) reconnaissance tool that can reveal hidden relationships and identify attack paths within an AD environment.(Citation: GitHub Bloodhound)(Citation: CrowdStrike BloodHound April 2018)(Citation: FoxIT Wocao December 2019)

External References

• mitre-attack
• FoxIT Wocao December 2019
• CrowdStrike BloodHound April 2018
• GitHub Bloodhound

Techniques Used by This Tool

• T1018 — Remote System Discovery
• T1033 — System Owner/User Discovery
• T1059.001 — PowerShell
• T1069.001 — Local Groups
• T1069.002 — Domain Groups
• T1087.001 — Local Account
• T1087.002 — Domain Account
• T1106 — Native API
• T1482 — Domain Trust Discovery
• T1560 — Archive Collected Data
• T1615 — Group Policy Discovery

APT Groups Using This Tool

• Wizard Spider
• TA505
• Play
• Ember Bear
• APT29
• Chimera