Introducing BloodHound Scentry: Accelerate your APM practice. Learn More
BloodHound Enterprise
Advance from mapping to eliminating attack paths with the enterprise platform that delivers at scale
BloodHound Community Edition
Start mapping attack paths with the open-source tool that started it all
BloodHound Scentry
Accelerate your APM practice and reduce identity risk with expert guidance to protect your critical assets.
OFFENSIVE SERVICES
TRAINING
Adversary Tactics
Adversary Perspectives
TRAININGS
SO-CON 2026
Master in-demand skills with our specialized courses at SO-CON 2026.
SOLUTIONS
INDUSTRIES
PARTNERS & INTEGRATIONS
RESOURCES
Attack Path Management Maturity Model
Evaluate your ability to stop identity-based attacks
Our Commitment to Open Source
Committed to advancing the community through open source contributions, cutting-edge research, and knowledge sharing
OPEN SOURCE TOOLS
Join the Conversation
Learn from others and share your story on the BloodHoundGang Slack Community
OPEN SOURCE RESEARCH
Collaborative Editing
Ghostwriter now supports real-time collaborative editing for observation...
ABOUT US
GET IN TOUCH
PRESS RELEASE
SpecterOps and Tines Partner to Automate Attack Path Management with Native BloodHound Integration
FEATURED EVENT
Conference: April 13-14, 2026 Training: April 15-18, 2026
RESEARCH
BLOG
EVENTS
Fueling the Fight Against Identity Attacks
When we founded SpecterOps, one of our core principles was to build a...
The Renaissance of NTLM Relay Attacks
NTLM relay attacks have been around for a long time. While many security...
See the latest by Andy Robbins
Research & Tradecraft
PingOne Attack Paths
TL;DR: You can use PingOneHound in conjunction with BloodHound Community Edition to discover, analyze, execute, and remediate identity-based attack paths…
By: Andy Robbins
14 mins
BloodHound
Attack Graph Model Design Requirements and Examples
TL;DR OpenGraph makes it easy to add new nodes and edges into BloodHound, but doesn’t design your data model for…
34 mins
Intune Attack Paths — Part 1
Intune Attack Paths — Part 1 Prior Work Several people have recently produced high-quality work around Intune tradecraft. I want to specifically mention:…
21 mins
Azure Key Vault Tradecraft with BARK
Brief This post details the existing and new functions in BARK that support adversarial tradecraft research relevant to the Azure…
8 mins
Browserless Entra Device Code Flow
Zugspitze, Bavaria, Germany. Photo by Andrew Chiles Did you know that it is possible to perform every step in Entra’s OAuth…
The Most Dangerous Entra Role You’ve (Probably) Never Heard Of
Entra ID has a built-in role called “Partner Tier2 Support” that enables escalation to Global Admin, but this role is…
6 mins
Directory.ReadWrite.All Is Not As Powerful As You Might Think
Directory.ReadWrite.All is an MS Graph permission that is frequently cited as granting high amounts of privilege, even being equated to…
11 mins
Industry Insights
Microsoft Breach — What Happened? What Should Azure Admins Do?
Microsoft Breach — What Happened? What Should Azure Admins Do? On January 25, 2024, Microsoft published a blog post that detailed their recent…
BloodHound Community Edition: A New Era
I’m proud to announce the availability of BloodHound Community Edition (BloodHound CE)! What you need to know: The free and open-source…
