Identifying attack paths with BloodHound

Presented at Disobey 2020, Feb. 14, 2020, 12:45 p.m. (120 minutes)

Identifying hidden and often unintended attack paths is crucial for organisations, because once an attacker obtains initial access to the network, the first objective is to perform data collection. Attackers use these techniques, which will be covered in the training, to identify attack paths that could be exploited to compromise the Active Directory environment.

The training is planned to roughly consist of the following topics:

  • Setting up and running BloodHound for data collection
  • Differences between data collection methods
  • Analysis of data collected by BloodHound
  • Using customised Cypher queries

The objective of this workshop is to give attendees the knowledge and capabilities to understand what BloodHound is and how to use it in their organisations to identify attack paths.

After the training, participants will have the necessary skills to independently use BloodHound for data collection and analysis to identify and mitigate attack paths in their environment.

Prerequisites:

  • Laptop with VirtualBox or VMware
  • Internet connectivity
  • Kali pre-installed

Material:

  • Access to a cloud instance containing a database for data analysis
  • Pre-installed Kali images containing all necessary data (if you do not have Kali readily available, there will be time at the beginning of the workshop to set this up)


Presenters:

  • Henri Nurmi - Security Consultant at F-Secure Consulting
    Red teamer and reverse engineer who likes to take things apart rather than use them.
  • Niklas Särökaari - Senior Security Consultant at F-Secure Consulting
    Red Teamer at F-Secure. Holder of abbreviations.
