One feature they missed in the CE edition is “mark user as owned” it’s super beneficial to find attack paths as well 😢
This is coming very soon!
It is available now, just tested it
Hi brother. Wanted to thank you, 6 months ago I discovered this world thanks to your channel. I just love it and since then I learn every day. Props, take care of you and keep going with the good stuff!
What things did you learn??
@djnikx1 pentest, playing CTFs etc.
And BHE marketing campaign should be: let defenders think in graphs too :) really cool
Love the new dockerization. Makes running this on windows sooooo much nicer.
Great content. Used Bloodhound in the past. But the upgrades look awesome!
I got a ton of pushback about using this in prod on a blue team. I don't think it's justified after talking to my offensive friends. There needs to be more awareness about this being okay to use bc somehow I'm the only one on my team that didn't believe it would destroy our AD environment.
I'd say they are ganging up on you knowing they would need to give a chunk of their work done by BH. If one is literate and knows how to read I don't see how he would mess up AD?
@VJ-lu2he I think half the team didn't know what it even was and one guy who definitely knew better fear mongered it and everyone freaked out lol. But you may be on to something with the one guy who fear mongered bc he does a lot of AD type stuff.
IMO there's no reason for any pushback by a blue team.
Either they're scared of security flaws being uncovered that they've configured unknowingly or they simply don't understand its usage to a full extent
I work in the field and it's more than likely because it will fire alerts when seen as a file. So most ignorant people think it's some kind of malware... which they just need to know it's firing an alert simply based off a name or hash "bloodhound.exe" or some iteration and that's it! Not because it's malware, but they don't know that as they are ignorant. Bloodhound simply uses netsessionenum command to ask questions not change shit.
Sick! Thanks for the tool upgrade!
The most useful video I have seen in many months! INCREDIBLE
This is great content that taught me something!
Also, PowerShell rules.
The problem is collection method where sharphound is not gonna cut it, cos it's super loud out of the box. One has to query AD, parse and structure data to even think about using bloodhound
Ladies and gentlemen, skiddies and trolls ... give it to our leader .... skid army ... "JHammond" ... I love your content bro ... all the way from Botswana
Nah, I think NetworkChuck and David Bombal contribute WAAAAAYYYY more to the *skiddie army.* At least John knows what he's doing and when he creates a video that's "too much" (i.e. his HoneyBadger video) he takes it down.
You guys are fire right now.💥🤯
The dude at the bottom has the "Rami Malek" eye movements and I can't stop relating
lol this is me and so true
Love this man loooooove this ❤
This is pretty mind blowing. Legit audit tool now.
Next ? Sn1per ? 😂
Informative video 🔥👏
Amazing content John! Thank you very much for sharing.
Thank you so much John for this! So much learnt and I use this tool myself now to a higher degree
is there a way to mark users as owned and find paths based off of that user, like that was in 'old' bloodhound?
it's coming very soon
@JustinKohler10 if I could heart your comment I would
> Powershell
> Best language
You can only pick one.
I said what I said :p
@@robbinsandy110% dis is da way
All you can really say is... WOW!
If AD traffic is encrypted, how does Bloodhound develop graphical Attack Paths?
Does it actively query devices, sniff traffic and log it all into the path map?
So even before starting an AD pentest, it's better to run bloodhound just to know your path that you should take..
yuuuup
30:27 My only criticism in this industry is that professionals seem 2 terms to've keyed. "Standing on the shoulders of giants" and "_ " _ ALL the _". independent they're a very rich history artifacts. Combined its like "HOW DO I DO ALL THE THINGS FROM THIS GIANTS SHOULDER"
I apologize, I’m still a script kitten 😅 currently building my own educational testing environment. This would be good to learn fundamentals of attack? Or am I wrong in that case
You are absolutely right. Your educational testing environment (either home developed or there are a lot of training options available for fair prices) should incorporate AD and BloodHound is the first step in understanding the connections and how you can abuse them.
❤ your videos are very important
😊Another gem
great work.
Early crew. :3
specterops is amazing!
Is it okay to keep the old bloodhound? 😅 I'm not saying it's better than the new one, but just asking if it's still reliable
Thank you.
Running to go download
I will watch it till the end
BloodCat is coming...
feels good to hear John natural and not scripty. love your work man, but lately it feels robotic and hypee.
I agree 100%. I can't remember the last time John did a completely unsponsored video, I do miss those days. I do understand the "business" of his YT channel and now that he's fast approaching 1 million subs he's getting more sponsored opportunities and if he's going to be creating vids at 1am he might as well make as much money as possible from them. I will forever appreciate John's giving back to (and building) the community, both on the blue and red team sides of the house. But yes, I think the unsponsored 40 min deep dive/analysis of malware using open-source tools and processes videos are long gone. Good for John on his newfound success, it's long overdue.
for some reason can't find the wiz video, anyone know if it's still up?
How noisy is this to CrowdStrike and Huntress?
curious about this too, will Crowdstrike notice it?
MS Defender for endpoint edr/xdr does detect it, I think CrowdStrike would too
@gamerscodex5454 BloodHound's default enumeration has been fingerprinted by most EDR/AV products. You can get around this in a couple ways depending on the product and it's always a bit of a cat and mouse game. If you're running it internally at your organization for blue-team purposes, allow-listing is your best bet for capturing the required data
Every time I drag and drop my sharphound outputs, it doesn't go to the database, instead it simply gets downloaded back. Am I doing it wrong? Do I have to upload files via manual ingest?
You need to click the file upload modal before you drag your file over. Let me know if you still have issues
now i am doing testing in highly patched environment
❤
I guess I'm not as smart. What terminal do I open to install the yml file?
I will translate your video into another language and upload it on TH-cam. I will not give you any commission but I will give you 50% of it.
Love me some ps
Free Palestine ❤
It is free take 💪🏾😈.
Regardless of your religious beliefs or political views was it ok for Hamas to come in and attack hundreds if not thousands of people that day. Killing and injuring innocent people having a good time and minding their own business. Lives are lives. We all come from the same source no matter what you call the so called God it's the same being. There is no my God is better than your God it's the same entity. So free all people. It's like black lives matter. No black lives don't matter. All lives matter. Period.
And plus it's absolutely ridiculous you're saying free Palestine in this channel. When this channel is a technical channel. So go elsewhere for that crap.
how to hack other public ip address only i have that error can you help me😊😊
Script kiddie. A youtube comment section isn't the right place for this
true @thedarkdiamond1207
@thedarkdiamond1207 so where to get in the hacking community? Stopped hacking since WPAs were announced uncrackable
@thedarkdiamond1207 can you help me