2024-06-17 Release Notes (v5.11.0)

Announcements

BloodHound Enterprise Finding Docs Deprecation / Change

If you utilize an API integration to collect information on findings from BloodHound Enterprise, please review the below deprecation / change notice:

  • 🎯 What's changing - Finding documentation is moving to a proper API endpoint rather than being served through the UI as it is today.
  • 🗓️ When - Approximately the week of July 15th, 2024, during the next major release.
  • 🚧 What do you need to do - Update your code to download assets from /api/v2/assets/findings/$finding_id/$doc_type.md instead of the current UI paths. Both paths will work until the next release when the existing UI paths will no longer function.

We will update the integrations supported by SpecterOps during this timeframe. If you have any questions, don't hesitate to contact your TAM; they would be happy to assist!

Join us for training at BlackHat USA 2024!

Whether you're a blue- or red-teamer, our courses are designed to elevate your skills and prepare you to tackle advanced threat actors. Don't miss out on this opportunity to learn from the experts and gain hands-on experience in simulated environments! Courses offered this year include:

  • Adversary Tactics: Tradecraft Analysis
  • Adversary Tactics: Red Team Operations
  • Adversary Tactics: Detection
  • Active Directory Security Fundamentals

Click here to learn more or register now and take your expertise to the next level!

Summary

  • BloodHound (v5.11.0)
    • New and Improved Features
      • Password changes will now require validation of your current password to complete
      • Updated pre-defined queries and added a hygiene section
      • [BHE Only] Azure findings have been collapsed based on path type only, aligning with Active Directory finding types
      • [BHE Only] Clicking "Explore" on a finding will now automatically display the entity panel for the associated edge
      • [BHE Only] Findings documentation is now served by a proper API endpoint
    • Bug Fixes
      • Azure principals with scoped Application Administrator or scoped Cloud App Admin role assignments will no longer receive an AzHasRole edge to the AzRole nodes. These nodes are only used for Tenant-scoped role assignments.
      • Group Management view will now properly display members of custom groups
      • Resolved several erroneous timeout issues
      • Corrected inaccurate use of CONTAINS verb in several pre-defined queries
      • Updated example abuse commands on several ADCS escalation paths
      • Corrected specific certificate template names on entity panels
      • [BHE Only] Fixed several bugs in Azure finding logic
  • SharpHound (v2.4.1 - BHE, v2.4.1 - CE)
    • No new release.
  • AzureHound (v2.1.9)
    • No new release.

BloodHound (v5.11.0)

New and Improved Features

  • Password changes will now require validation of your current password to complete - To provide a more secure application, BloodHound will now validate that the user knows their current password before allowing a password change in the My Profile section of the application.
  • Updated pre-defined queries and added a hygiene section - We've updated the pre-defined Cypher queries with some useful base queries, specifically a Hygiene section for each of AD and Azure, to help users find errant misconfigurations which may open them to additional risk.
  • [BHE Only] Azure findings have been collapsed based on path type only, aligning with Active Directory finding types - During our big Azure expansion last year, we added an additional layer of division between finding types based on the target object type. This resulted in a poorer user experience and so we have collapsed those findings to align with the current pattern used within Active Directory - one finding per path type between objects.

    This change may result in some significant changes in the findings visible within your Azure Environment. Please contact your TAM if you have any questions or would like additional details on these changes.
  • [BHE Only] Clicking "Explore" on a finding will now automatically display the entity panel for the associated edge - When "Exploring" a finding, selecting the edge required an additional click to show the associated Entity Panel. Since most users took this step immediately after clicking the "Explore" button, we updated the application to do this for you!
  • [BHE Only] Findings documentation is now served by a proper API endpoint - Documentation for findings, descriptions, remediation documentation, etc. will now be served by an API-based endpoint, rather than through the UI as was done before. This will provide a more secure and stable experience in the future.

Bug Fixes

  • Azure principals with scoped Application Administrator or scoped Cloud App Admin role assignments will no longer receive an AzHasRole edge to the AzRole nodes. These nodes are only used for Tenant-scoped role assignments.
  • Group Management view will now properly display members of custom groups
  • Resolved several erroneous timeout issues
  • Corrected inaccurate use of CONTAINS verb in several pre-defined queries
  • Updated example abuse commands on several ADCS escalation paths
  • Corrected specific certificate template names on entity panels
  • [BHE Only] Fixed several bugs in Azure finding logic

SharpHound (v2.4.1 - BHE, v2.4.1 - CE)

No new release.

AzureHound (v2.1.9)

No new release.
