October 25-28, 2017!! We’re going to have so much fun! Hopefully you can join us!
Back To Schedule
Friday, October 27 • 13:30 - 14:15
Extending BloodHound for Red Teamers

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

BloodHound has changed how red and blue teams approach risk in Active Directory environments. The interface is slick, the install is painless enough considering the dependencies, and the pre-built analytics deliver actionable intelligence. However, BloodHound isn’t just another fire & forget tool, it’s a platform for users to build on. The foundational elements – a reliable backend, a means for ingesting, querying, and displaying data – are already taken care of. The piping is in place for users to extend the already-great features and tailor it to their specific job function or workflow.

This talk will cover how I’ve adapted BloodHound to enhance my workflow as a penetration tester. I’ll demonstrate custom extensions used to track and visualize compromised nodes, highlight privilege gains, represent password reuse between users or computers, blacklist unwanted nodes and relationships, and more. Folks who attend this talk will gain a solid understanding of BloodHound’s underlying Neo4j data structures, as well as how to write Cypher queries in order to build their own BloodHound customizations.

avatar for Tom Porter

Tom Porter

Sr. Security Consultant, FusionX
Tom Porter (@porterhau5) started his professional career as a baseball player with the San Diego Padres organization. In 2010, he switched careers and began writing netflow analytics for a DoD-based blue team, eventually pivoting to a role as an offensive security consultant for the... Read More →

Friday October 27, 2017 13:30 - 14:15 MDT
Pine Crest A