SpecterOps expands Identity Attack Path Management to Okta, GitHub, and Mac. Learn More
Back to Blog
BloodHound

BloodHound Has Changed. Your Course Probably Hasn’t.

Author

Hugo van den Toorn

Read Time

4 mins

Published

Apr 11, 2026

Share

BloodHound has moved fast and not all courses have kept up. If you create or maintain a course or training that includes BloodHound, now is a good time to review your materials.

BloodHound Community Edition (BHCE) has continued to evolve rapidly, with v8.9 releasing just last week. There have been many updates that apply to both manual installations and the version bundled with Kali Linux. Alongside these changes, we introduced the OpenGraph, which extends BloodHound beyond Active Directory and Entra ID into systems like AWS, GitHub, and Jamf.

We also remain committed to maintaining BloodHound as an open-source project

Four out of five courses we reviewed still used a BloodHound version that is three years out of date. Many courses rely on Kali Linux, where we still packaged BloodHound Legacy until August 2025. Sharing a few updates here in case you’re planning a refresh, so learners can take advantage of the latest capabilities.

What to Update in Your Course

Here are a few updates that may be helpful as you revise your material.

  1. BloodHound CLI for manual installations:
    If you are installing BloodHound on a custom system rather than using the pre-installed version on Kali Linux, use BloodHound CLI. It pulls and configures the correct Docker containers for a consistent setup.
  2. BloodHound v8 for coursework:
    BloodHound has seen significant UX and functionality improvements since v4 (BloodHound Legacy). We recommend using v8 or later for all coursework. You can reference or reuse content from the public documentation
  3. Cover OpenGraph in your coursework:
    BloodHound v8 introduced OpenGraph for ingesting data outside of traditional AD/Entra ID views. You can write your own extension or use one from the OpenGraph Library.

If relevant, a brief mention of BloodHound Enterprise can help learners understand how organizations operationalize and remediate identity risks in a business context.

Reality Check: Outdated or Current? 

This is a simple way to check whether your course reflects the current platform.

Your coursework is outdated if you are…

  1. Using Kali Linux versions released before August 2025:
    We didn’t update our packaging on Kali Linux until August 2025 (mea culpa!), so if you’re using an earlier Kali version, you’re still using BloodHound Legacy (v4), which is three years behind.
  2. Manually installing Docker containers:
    Walking through container downloads (e.g., DockerHub) or manual configuration of containers reflects an older setup model.
  3. Using Neo4j as your database:
    Neo4j still works, but PostgreSQL is the recommended database, especially for full OpenGraph functionality and performance.
  4. References to the ghst.ly link:
    Use of https://ghst.ly/getbhce indicates outdated installation guidance. 
  5. Git cloning from Bloodhound-Legacy repo:
    Asking users to pull installs from the outdated https://github.com/SpecterOps/BloodHound-Legacy. Legacy is no longer supported and users are missing out on great new features. 
  6. Using npm, pip or homebrew:
    Instructions like npm install -g bloodhound, pip install bloodhound, or brew install bloodhound are inconsistent and often install outdated versions. 

Your coursework is current if you are…

  • Using Kali Linux 2025.3 or later (August 2025):
    Includes the modern Community Edition experience with an overhauled installation package. Assuming Kali is updated.
  • Using BloodHound CLI for installation:
    Recommended approach for custom environments outside Kali.
  • Using BloodHound v8+:
    Reflects the current UI, workflows, and analysis model. V8.9 is the most recent version at the time of writing. 
  • Incorporating OpenGraph:
    Extends beyond AD and Entra ID into additional systems.
  • Using official documentation and quickstart guides:
    Aligns with the latest guidance at bloodhound.specterops.io

A Second Set of Eyes on Your Content

BloodHound continues to evolve quickly. Even small differences in setup or terminology can signal whether content reflects the current platform. Periodic review and small updates go a long way in keeping coursework relevant and useful.

If you’re planning an update and want a second set of eyes on your content, the SpecterOps community team can be reached at community@specterops.io. Please also let us know when you’ve updated your course so we can send you some BloodHound swag to say thanks!

Post Views: 1,221
Hugo van den Toorn

Managing Director

Hugo is SpecterOps’ leader for European expansion and global Community engagement. As a former CISO with over twelve years in Information Security, he combines deep offensive security expertise with strategic thinking to help organizations understand adversary tradecraft.

Ready to get started?

Book a Demo

You might also be interested in

BloodHound 9.0 — Product Updates

BloodHound

BloodHound 9.0 — Product Updates

Two weeks ago, we announced the new BloodHound Enterprise with OpenGraph extensions to extend attack path management to environments like…

By: Justin Kohler

5 mins
Expanding Attack Path Management to macOS Environments

BloodHound

Expanding Attack Path Management to macOS Environments

Introduction Attack path management has historically focused on identity systems like Active Directory and Entra ID. That focus made sense.…

By: Jared Atkinson

11 mins
JamfHound v1.1 Update: SSO Attack Paths and Okta Additions

Research & Tradecraft

JamfHound v1.1 Update: SSO Attack Paths and Okta Additions

TL;DR : New SSO Attack Paths and Okta Edges in JamfHound: Updates have been added to the JamfHound OpenGraph collector…

By: Lance B. Cain

10 mins