BloodHound 2.0.4

This is mostly a maintenance release with some bug fixes and a few small new features.

New Features

• Added Cannot Be Delegated to user properties
• Added Dont Require Preauth to user properties (for ASREP roasting)
• Add LdapFilter option to fine tune collection (thanks @Tifkin)

Bug Fixes

• Fix notes field in dark mode
• Fixed various null pointer exceptions in data collection
• Fixed several help modal texts
• Fixed ACEs not actually importing for computer objects (thanks @dirkjanm )
• Fixed swapped menu icons
• Default LDAP to target primary domain controller
• Properly chunk data import so it doesn't die horribly

BloodHound 2.0.3.1

Fixes some bugs in BloodHound 2.0.3

BloodHound Rolling

Rolling release of BloodHound compiled from source (6a95882). Not necessarily stable. Automatically kept up to date with master, so ignore the commits since tag

BloodHound 2.0.2

This release expands GPO collection to include RDP and DCOM groups added via Group Policy.

It also expands GPO collection to include groups added to the administrators group via the member property. Huge thanks to @jonas2k for his pull request.

We've also added more data to node displays, and fixed some ingestion bugs

BloodHound 2.0.1

This is a bugfix release containing several fixes for issues reported by the community.

Special thanks to community members for helping to fix some of these bugs.

Bugfixes

Crash when using upload button (#200)
Fix for relayout button (#201)
Fix for crash when trying to enumerate enterprise DC group
Fix missing/incorrect documentation (Thanks @ClementNotin @elitest @jonas2k @Crypt0-M3lon)

BloodHound 2.0

This is a major feature release for BloodHound, introducing several new features, optimizations, and bugfixes. For a full changelog, see the blog post at https://blog.cptjesus.com/posts/bloodhound20

OLD DATABASES WILL NOT BE FULLY COMPATIBLE WITH BLOODHOUND 2.0

Changelog

User Interface

• Added 4 new edges - ExecuteDCOM, CanRDP, AllowedToDelegate, ReadLAPSPassword
• Rewrote ingestion logic to support new JSON
• Added Drag and Drop Ingestion Support
• Added new properties on nodes
• Added the ability to add Edges and Nodes from the UI
• Added the ability to delete Edges and Nodes from the UI
• Added the ability to modify Nodes in the UI
• Added attack primitive help text
• Added High Value/Owned Designators to Nodes (Original idea by @porterhau5)
• Added Notes + Pictures to Nodes
• Added a beta dark mode (Original idea by @sadprocessor)
• Added right click context menu to edges + empty graph space
• Optimized a few queries
• New Loading Gif (Credit to Elizabeth Ostasiewski)
• Fixed some bugs in ingestion logic (Thanks @_dirkjan)

SharpHound

• Rewrote output to JSON
• Merged LDAP queries to improve performance
• Cached LDAP connections to improve performance (Credit to @Meatballs__)
• Added DCOnly Collection Method
• Added ACL collection for computers
• Defaulted output to Zip, added EncryptZip, ZipFileName, RandomFilenames, NoZip parameters
• Made all node properties lower case
• Fixed issues with Global Catalog searching
• Fixed several minor issues in ACL logic

BloodHound 1.5.2

This is a hotfix release for BloodHound 1.5.0, and contains the following changes:

• Fixed a major issue in cross-domain object resolution (thanks @dirkjan in the BloodHound slack)
• Fixed the effective inbound GPO query on Computers/Users (thanks @qlemaire for the pull request)
• Added quoting to CSV files to escape GPO and OU objects with commas
• Added parsing of groups.xml for GPOLocalGroup
• Add inbound object control to the GPO tab
• Fix ACL ingestion query to properly index on name instead of GUID for GPOs

If you have a BloodHound cache file, please delete it or use the --Invalidate switch to create a new one and fix any invalid cached domain lookups.

BloodHound 1.5.1

This is a hotfix release for 1.5.

Please use the UI to clear your database. This will delete your current constraints and indexes and re-create the proper ones.

Alternatively, create a new database.

BloodHound 1.5 - The Container Update

This release expands the BloodHound attack graph schema to include OU and GPO nodes, as well as adding several new features and bugfixes.

Changelog

User Interface

• Added GPO and OU Nodes
• Added the Owns relationship
• Upgraded search bar
• New pre-built queries and prebuilt query format
• Added options
• Improved Domain Nodes

SharpHound

• Added Container and All Collection Methods
• Ability to specify multiple collection methods
• Throttle and Jitter
• Deprecation of REST API
• Several bugfixes

For more information regarding the Container update, with far more detail, refer to the blog post here

BloodHound 1.4 - The Object Properties Update

This release expands the BloodHound attack graph schema to include Object Properties on nodes, as well as fixes issues preventing BloodHound from working with Neo4j 3.1.6 and above.

Changelog

User Interface

• Added User and Computer Object Properties
• Rewrote CSV ingestion to be more stable
• Added zip ingestion
• Fix issues with Neo4j 3.1.6+

For more information regarding the Object Properties update, refer to the blog post here

Ingestors

• Replaces the old PowerShell ingestor with the new SharpHound ingestor.

For more information regarding the new ingestor, refer to the blog post here