BloodHound and attack paths
- BloodHound Docs, searchable for various topics and documentation on edges/attack paths
- Bloodhound Enterprise: securing Active Directory using graph theory
- Attack Path management the BloodHound Enterprise Way
- The Ultimate Guide for BloodHound Community Edition
- Microsoft Breach — How Can I See This In BloodHound?
- Hybrid Attack Paths, New Views and your favorite dog learns an old trick
- On-prem Exchange attack paths: Pwned by the Mail Carrier
- The Dog Whisperer's Handbook [PDF] (created for the legacy community version, but the concepts still apply)
- BloodHound CE + AWS IAM Identity Center
Cypher
- Cypher Queries in BloodHound Enterprise
- Searching with Cypher
- Search the internet for "BloodHound Cypher" for more community guides and cheat sheet
Tiering
- "What is Tier Zero" series
- Part 1 blog post and webinar recording
- Part 2 blog post and webinar recording
- Part 3 webinar recording
- Establish security boundaries in your on-prem AD and Azure environment
- At the Edge of Tier Zero: The Curious Case of the RODC
ADCS
- "ADCS Attack Paths in BloodHound" series
- Webinar recording and slides
- ADCS ESC14 Abuse Technique
- ADCS ESC13 Abuse Technique
SpecterOps general resources
- SpecterOps blog - topics are BloodHound, detection and adversary tradecraft
- SpecterOps events - upcoming talks, webinars, gatherings and our training courses
- SpecterOps on YouTube
- SpecterOps on X
Updated