Release |
BloodHound |
SharpHound |
AzureHound |
2024-09-10 Release Notes (v5.15.0) |
New and Improved Features
- New Attack Path: WriteGPLink (Thank you, @q-roland, for your contribution! Requires SharpHound v2.5.6+).
- Added 22 additional AD properties, including information about authentication, passwords, and extra domain/trust information with supporting saved queries (Requires SharpHound v2.5.6+).
- Added support for GenericWrite Attack Paths targeting OUs and Domain objects (Thank you, @q-roland, for your contribution! Requires SharpHound v2.5.6+).
- Updated ESC6a logic to no longer require weak certificate mapping after confirming that it no longer prevents the escalation.
- OUs that contain Tier Zero / High Value objects will now be automatically tagged as Tier Zero objects, too.
- ESC6/9/10 analysis logic will now include domain controllers from child domains as well.
- Added a Login URL property to Entra Users to show the user's SSO URL.
- Removed all "CanAbuse" non-transitive edges from the graph schema and updated ESC logic accordingly.
- [CE Only] Owned objects will now show an associated glyph icon in Explore (Thank you, @palt, for your contribution!).
Bug Fixes
- Fixed abuse info on multiple Attack Paths that grant the ability to abuse LAPS settings.
- Improved JSON error handling for file uploads.
- File uploads should no longer get stuck on "Analyzing."
- [BHE Only] Fixed an issue where specific collection jobs would trigger twice.
- [BHE Only] Attack Path titles may now easily be copied again.
SharpHound (v2.5.8 - BHE, v2.5.6 - CE)
New and Improved Features
- Complete re-write of LDAP connection and collection logic, resulting in improved consistency and performance.
- Add support for the collection of 22 additional properties and for GenericWrite Attack Paths targeting OU and Domain objects.
- [BHE Only] Moved auth.json and settings.json to the service user's APPDATA directory.
Bug Fixes
- [BHE Only] Resolved several cross-trust collection issues.
AzureHound (v2.2.1)
New and Improved Features
- Reduced default number of concurrent connections opened with Entra/Azure APIs (Thank you, @olafhartong, for your support in identifying the cause of these issues)
- Added several optional performance-tuning settings
- Reduced volume of data output by pruning empty or unnecessary fields (Thank you, @malacupa, for your support in identifying the cause of these issues)
- [BHE Only] Reduced default batch size for upload of data to BloodHound Enterprise
2024-08-20 Release Notes (v5.14.0) |
New and Improved Features
- Added support for ADCS certificate chains crossing AIA Certificate Authorities
- Improved logic across all included cypher queries for improved performance
- Clarified the "blocksinheritance" property on OUs is specific to GPO inheritance
- Users without administrative privileges will no longer see Group Management actions in right-click context menus
- Added support for ingesting JSON files which include UTFBOM encoding
Bug Fixes
- Improved visibility of several buttons and elements in dark mode
- Added abuse information for the GPLink edge
- Fixed the count of objects displayed in the Group Management page
Note: We are working on a new version of SharpHound that has improved performance and reliability when querying data via LDAP. If you would like to test that version, please get in touch with your TAM.
No new release.
2024-08-06 Release Notes (v5.13.1) |
Bug Fixes
- Resolved an issue where hybrid paths were not created when the AD object did not have a known object type during path creation.
- The 2FA login screen will no longer return to the username/password screen if the browser window is unselected before completing the login flow.
- [BHE Only] Resolved a race condition during analysis in highly-available deployments
Note: We have reverted the available SharpHound build to v2.4.1 while we address issues identified in v2.5.4.
No new release.
2024-08-01 Release Notes (v5.13.0) |
New and Improved Features
- New Attack Paths: Entra-AD User Syncing
- Improved analysis performance - DCSync
- Added visibility of the current API version to the My Profile page
- [Early Access] BloodHound dark mode
Bug Fixes
- Resolved an issue that resulted in objects having multiple types after import to BloodHound (A collection will be required to reintroduce appropriate object types on affected principals)
- File ingest will now show partial errors on upload
- Hovering errors in the Cypher query editor will no longer overflow the viewable area
- Negative numbers will now compare properly in Cypher
- Fixed a logic issue on composition panels for ESC3, 4, and 6 for multi-tier PKI environments
- Updated logic for EnrollOnBehalfOf to utilize the proper EKU property
- Improved error handling in specific circumstances on file ingest
- [BHE Only] Resolved an issue with collectors improperly incrementing job counts
SharpHound (v2.5.4 - BHE, v2.5.4 - CE)
Note: SharpHound's LDAP libraries have undergone a complete rewrite to improve stability and resolve issues. This will resolve issues that are not explicitly captured in these release notes. We will continue to iterate as we find more issues. Please work with your TAM if you have any questions about upgrading.
New and Improved Features
- Improved logic for identifying and querying available DCs (when a DC is not specified)
- Reduced reliance on paged LDAP queries for improved LDAP query performance
- Introduced a connection pool for improved LDAP query performance
- Improved fallback and retry logic for LDAP ServerDown message
- Computer availability for Local Group and Session collection will now be based on the last logon instead of the last password rotation
- Improved logging levels and message outputs
Bug Fixes
- [BHE Only] Resolved an issue where allowing LDAPS connections would only attempt connections on the LDAPS-specified port
- [CE Only] Improved handling of control characters using the "collectallproperties" flag to resolve ingestion issues
No new release.
2024-07-17 Release Notes (v5.12.0) |
New and Improved Features
- [BHE Only] Visual overhaul of the Attack Paths view
- Added documentation hints to all administrative pages
- Improved analysis performance - SyncLAPSPassword
- Example Azure data is now available
Bug Fixes
- Improved resolution of AzApp object names
- Reverted a change in Azure ingest that was resulting in inconsistent results in BloodHound
No new release.
No new release.
2024-06-17 Release Notes (v5.11.0) |
New and Improved Features
- Password changes will now require validation of your current password to complete
- Updated pre-defined queries and added a hygiene section
- [BHE Only] Azure findings have been collapsed based on path type only, aligning with Active Directory finding types
- [BHE Only] Clicking "Explore" on a finding will now automatically display the entity panel for the associated edge
- [BHE Only] Findings documentation is now served by a proper API endpoint
Bug Fixes
- Azure principals with scoped Application Administrator or scoped Cloud App Admin role assignments will no longer receive an AzHasRole edge to the AzRole nodes. These nodes are only used for Tenant-scoped role assignments.
- Group Management view will now properly display members of custom groups
- Resolved several erroneous timeout issues
- Corrected inaccurate use of CONTAINS verb in several pre-defined queries
- Updated example abuse commands on several ADCS escalation paths
- Corrected specific certificate template names on entity panels
- [BHE Only] Fixed several bugs in Azure finding logic
No new release.
No new release.
2024-05-28 Release Notes (v5.10.0) |
New and Improved Features
- Improved Cypher quality controls to prevent failure and errors
- Example Active Directory data now available
- [BHE Only] Updated reference links for all Attack Path findings
- [CE Only] Enable graph mutation via Cypher
Bug Fixes
- Entity panels will now appear regardless of the object type selected
- [CE Only] Added missing package caches for offline builds
No new release.
No new release.
2024-05-09 Release Notes (v5.9.0) |
New and Improved Features
- Support for ADCS ESC 13 (Requires SharpHound v2.4.1+)
- Added support for GenericWrite edges to ADCS node types
- Improved performance of AZAddSecret paths
Bug Fixes
- DCSync edges will no longer be filtered out from Tier Zero / High-Value principals
- ADCS ESC 1 edges will now generate properly across multiple domains regardless of domain collection status
- Several fixes to Edge Composition responses
- [BHE Only] Collection schedules should now consistently display their scheduled start time
- [BHE Only] Finished Jobs Log pagination controls no longer scroll
- [BHE Only] Improved fallback logic for the Attack Paths page in the event of an unexpected failure
- [CE Only] Modifying the default_admin fields will now properly reflect in a newly created environment
SharpHound (v2.4.1 - BHE, v2.4.1 - CE)
New and Improved Features
- Collection support for Issuance Policy Nodes
- Improved identification logic for Contains edges
- Added support for specific obsolete Trust type values
Bug Fixes
- Resolved several issues related to cross-trust collections
AzureHound (v2.1.9)
New and Improved Features
- Added backoff/retry logic to several calls for improved stability and resiliency
Bug Fixes
- AZAppAdmin and AZCloudAppAdmin edges will now properly link to the AzApps they target
2024-04-15 Release Notes (v5.8.1) |
New and Improved Features
- Improved status messaging for the File Ingest Log
- Added additional node-type statistics to Data Quality
- [BHE Only] Improved performance for collection schedules for extremely large environments
Bug Fixes
- [BHE Only] DcFor edges will no longer appear in the Attack Path tree view
- Resolved multiple vulnerabilities identified across the product
v2.3.10 - BHE, v2.3.3 - CE
Bug Fixes
- [BHE Only] Resolved an issue where the SharpHound service would restart in specific scenarios.
No new release.
2024-03-27 Release Notes (v5.8.0) |
New and Improved Features
- File Ingest now supports .ZIP format and large files!
- Option to clear database from within Administration!
- Support for ADCS ESC4 Attack Path
- [BHE Only] BUILTIN\Users group will now appear within Large Default Groups findings
- Improved accuracy on several ADCS components
- Several API performance consistency improvements
- Various minor UI improvements
Bug Fixes
- Custom asset groups will no longer allow whitespace in tag property
- [CE Only] Improved alignment of arrows and edges on graph canvas
- Various minor UI bug fixes
- [BHE Only] Added finding documentation for the "Add Secret to Tier Zero Service Principal" finding
v2.3.7 - BHE, v2.3.3 - CE
New and Improved Features
- [BHE Only] SharpHound Enterprise will now properly throw an error if SharpHoundRPC.dll is missing
Bug Fixes
- Failure to resolve SIDs from hostname will no longer result in errant object creation in BloodHound
- [BHE Only] Resolved an issue where attempting to collect from uncollectible domains would result in SharpHound service restart.
New and Improved Features
- Improved logging outputs on application panic
2024-03-05 (v5.7.1) |
Bug Fixes
- Resolved an issue with group name ingestion
No new release.
No new release.
2024-03-04 Release Notes (v5.7.0) |
New and Improved Features
- Added support for AD Certificate Services ESC 6b / 9b / 10b Attack Paths
- Reduced memory impact during data ingest
- Improved performance on the Group Management view
- Improved visualization of edges that begin and end at the same node
Bug Fixes
- [BHE Only] Fixed an issue with Microsoft Graph App Role reconciliation
- [BHE Only] Truncated exposure measurements to two decimal places on the Attack Paths view
- Resolved several issues related to unexpected timeouts
- Improved handling of invalid JSON during ingest
- Creating custom asset groups no longer allows whitespace in the "tag" property
No new release.
No new release.
2024-02-14 Release Notes (v5.6.0) |
New and Improved Features
- General Availability of AD Certificate Services paths: GoldenCert, ESC1, ESC3, ESC6a, ESC9a, ESC10a (requires latest version of SharpHound)
- New "Power User" role was added in BloodHound as a bridge between "User" and "Administrator"
- Added filtering capabilities to the Group Management view
- Significant expansion of data available in BloodHound audit logs
- Improved accuracy in the "... where Domain Users can RDP" default cypher queries
- [BHE Only] Analysis will now separate warnings from errors in completion, leading to more accurate completion of analysis in environments
Bug Fixes
- Resolved an issue where the Data Quality page failed to count Azure tenant objects in specific scenarios
- Improved accuracy of the "count" responses from paginated API queries
- Resolved a specific issue with SAML implementations resulting in inaccurate "NotAuthorized" responses
- Resolved several role-privilege issues with BloodHound roles (The "User" role can no longer perform actions in the Manage Clients page, the "Upload Only" role can no longer view Experimental Features)
- Moving from "Pathfinding" to "Search" on the "Explore" page will now properly disable pathfinding
- Cursors will no longer jump to the end of the search fields on "Explore"
- [BHE Only] TrustedBy edges should now reconcile appropriately
v2.3.5 - BHE, v2.3.2 - CE
New and Improved Features
- Additional ADCS property collection
Bug Fixes
- Resolved issues with hitting KERNELFAULT errors during collection
- Improved handling and retries for LDAP ServerDown responses, which had been preventing cross-trust collection
New and Improved Features
- Significant reduction in memory consumption when processing Azure group membership information
Bug Fixes
- [BHE Only] AzureHound will now properly respect the verbosity setting set in config.json
2024-01-23 Release Notes (v5.5.0) |
New and Improved Features
- AD Certificate Services ESC3 Early Access support (Requires latest version of SharpHound)
- Expanded memory limit for query execution (Including Cypher and Entity Panel queries)
- Added Group Management tab for reviewing and modifying members of Tier Zero / High Value / Owned
- Improved performance of AZResetPassword paths
- The Azure role Partner Tier2 Support is now a default member of Tier Zero / High Value asset groups.
- [CE Only] Added ability to mark objects as "Owned"
Bug Fixes
- Container nodes will now properly display an Entity Panel when selected in Explore.
- The "Affected Objects" section of GPO Entity Panels will no longer display "NaN" when no objects are affected.
- [BHE Only] Attack Paths table and path view now use the same boundaries for severity highlighting.
- [BHE Only] The AzureT0MgmtGroupControl finding will no longer appear, and historical records have been removed.
- [CE Only] Resolved an issue impacting the use of multi-underscore environment variables when running an environment.
v2.3.3 - BHE, v2.3.1 - CE
New and Improved Features
- Additional support for ADCS collection capabilities.
Bug Fixes
- Updated logic for collection and reconciliation of ADCS objects.
- Resolving a SID to a domain will now appropriately utilize cache entries (@uidzeroo).
- [CE Only] GPO Local Group processing will no longer stop processing on a failed account name resolution (@nurfed1).
- [CE Only] Updated use of LDAP credentials when collecting domain details to prevent invalid username/password issues (@nurfed1).
No new release.
2024-01-10 (v5.4.1) |
Bug Fixes
- Analysis will no longer fail when expected properties do not exist in AD CS objects.
- Resolved a potential deadlock state for API access of backend databases.
- Improved accuracy of post-processing of CanRDP edges. This notably impacted BUILTIN\Remote Desktop Users and Domain Controllers.
No new release.
No new release.
2024-01-04 Release Notes (v5.4.0) |
New and Improved Features
- Early access for ADCS Attack Paths!
- Edge composition support
- [CE Only] Modified default docker compose example to bind only to localhost for improved security defaults
v2.3.2 - BHE, v2.3.0 - CE
New and Improved Features
- Support for ADCS collection capabilities
No new release.
2023-12-11 (v5.3.1) |
Minor database performance improvements for specific scenarios.
No new release.
No new release.
2023-12-05 Release Notes (v5.3.0) |
New and Improved Features
- Added node action right-click menu with set start/end node and copy commands!
- Improved performance on AZResetPassword edges.
- Expanded memory available for queries.
- Disabling MFA on a user will provide a more explicit warning.
- Saved custom queries are now available in CE as well as BHE.
- [BHE Only] Collection schedules may now be modified via the text and date/time pickers.
Bug Fixes
- Container nodes will now show an entity panel.
- Removed aggressive timeouts on File Ingest uploads.
- Affected Objects counts on GPO object entity panels should properly report "0" when appropriate.
- Saved queries created using the API will now properly associate with the creating user.
- [BHE Only] Selecting a custom range on the Posture page will now highlight "Custom".
- [CE Only] Resolved an issue with the ingestion of sessions in specific scenarios.
- [CE Only] Resolved an issue with multi-underscore keys breaking config values.
v2.2.2 - BHE, v2.0.2 - CE
New and Improved Features
- [CE Only] Added the ability to perform session enumeration as a local admin user (@LuemmelSec, @eversinc33)
- [BHE Only] Expanded signing of files to aid in AV issues.
Bug Fixes
- Resolved an issue with collecting and processing special characters.
- Fixed a cache (de)serialization issue with checking versions.
New and Improved Features
- Audited and removed additional opportunities for context-lock contention in the future.
2023-11-06 Release (v5.2.0 - BHE Only) |
New and Improved Features
- Custom user-saved Cypher queries
Bug Fixes
- Fixed several inaccurate pre-saved Cypher queries
- Azure analysis runs will now properly display error messages when they fail
- Fixed multiple API endpoints and their documentation
No new release.
Bug Fixes
- Resolved multiple additional dead-lock resource-exhaustion condition edge cases during collection.
2023-10-16 Release notes (v5.1.0) |
New and Improved Features
- Explore page now supports JSON export of currently displayed data.
- Added additional friendly names to property values in object and edge context panels.
- Cypher auto-complete will now suggest additional fields.
- Improved the accuracy of the "Groups with foreign domain group membership" saved query.
- [BHE Only] Environment Posture endpoint now supports tenant filtering.
Bug Fixes
- The BloodHound logo should no longer randomly disappear from the top left of the screen.
- Explore page will no longer crash when specific symbols are typed into the search bar.
- [BHE Only] Attack Paths with all findings muted will no longer disappear from the Attack Paths list.
- [CE Only] Environment variables are now correctly pulled to container environments.
v2.2.1 [BHE Only]
New and Improved Features
- Added LDAPS support and associated configuration options (this was previously available in CE).
- SharpHound has improved caching performance and will automatically invalidate local cache data on newer versions.
- Significant collection performance improvements, notably during local group and session enumeration.
- Added support for modern LAPS collection.
- Added a configurable timeout setting for port scan timeouts.
- Added a configurable option for thread concurrency.
Bug Fixes
- Enterprise Domain Controller group membership will now reconcile properly.
Bug Fixes
- Resolved multiple dead-lock resource-exhaustion condition edge cases during collection.
2023-09-20 (v5.0.10) |
- Resolved a uniqueness constraint issue with Tier Zero / High Value Target selectors.
No new release.
No new release.
2023-09-19 Release Notes (v5.0.9) |
New and Improved Features
- Explore tab now supports the ability to search for and highlight specific objects in the canvas.
- Edge context menus will now display properties associated with the edge.
- Administrators may now disable end-users' MFA tokens.
- Users may now manage their API keys.
- BloodHound will now utilize opportunistic GZip compression for data in transit.
- [BHE Only] Improved accuracy in exposure calculations.
Bug Fixes
- [BHE Only] Fixed an issue with the reconciliation of Azure roles.
- Deconflicted and fixed post-processing of AZOwns and AZOwner edges.
- Users may, once again, be reverted to username/password login once set to SAML.
- In specific circumstances, built-in groups (such as Account Operators) would not appear in search results. This has been fixed.
- Expanded Cypher memory protections to prevent over-aggressive traversals.
- Resolved an issue where HasSession edges were not always ingested correctly.
- Full error messages resulting from running queries will once again display properly.
No new release.
New and Improved Features
- [BHE Only] AzureHound will now compress data in transit when uploading to BloodHound Enterprise.
Bug Fixes
- Fixed collection of multiple properties and resolved a socket exhaustion issue in collecting specific large environments.
Please check individual release notes to read earlier summaries.