BloodHound From Red to Blue

Presented at DerbyCon 9.0 Finish Line (2019), Sept. 6, 2019, 1 p.m. (45 minutes)

BloodHound (by SpecterOps) was originally built for pentesters to easily identify highly complex attack paths, but it can also be used to improve the overall security posture of your Active Directory. We will start with a short introduction to graph databases and how the different parts of BloodHound work. We will then discuss some useful tips on using the GUI to visualize various attack paths, then venture into the world of custom Cypher queries. Using this new knowledge, we will set off on a path of destruction, targeting the attack paths in our environment and visualizing the effects of our planned remediations on these attack paths.


Presenters:

  • Mathieu Saulnier
    Mathieu Saulnier is a “Security Enthusiast” ©@h3xstream. He has held numerous positions as a consultant within several of Quebec’s largest institutions. For the last 6 years he has been focused on putting in place a few SOCs and has specialized in detection (Blue Team), content creation and mentorship. He currently holds the title of “Senior Security Architect” and acts as “Adversary Detection Team Lead” and “Threat Hunting Team Lead” at Bell Canada, one of Canada’s largest carriers. In the last decade, he has taken two separate sabbaticals to travel Africa and Asia.
