SpecterOps expands Identity Attack Path Management to Okta, GitHub, and Mac. Learn More
blog category

BloodHound

image for Introducing BloodHound Enterprise On-Premises: Why On-Prem Identity Attack Path Management Still Matters in a Cloud World

BloodHound

Introducing BloodHound Enterprise On-Premises: Why On-Prem Identity Attack Path Management Still Matters in a Cloud World

TL;DR : BloodHound Enterprise on-premises brings enterprise-grade identity attack path management to air-gapped, classified, and highly...

By: Sev Kocharian
Jan 29, 2026 • 5 min read
Read Post
image for Updates to the MSSQLHound OpenGraph Collector for BloodHound

BloodHound

Updates to the MSSQLHound OpenGraph Collector for BloodHound

tl;dr: MSSQLHound, a PowerShell script that collects security information from remote MSSQL Server instances, now scans...

By: Chris Thompson
Jan 20, 2026 • 7 min read
Read Post
image for MSSQL and SCCM Elevation of Privilege Vulnerabilities

BloodHound

MSSQL and SCCM Elevation of Privilege Vulnerabilities

TL;DR: I found two privilege escalation vulnerabilities, one in MSSQL (CVE-2025-49758) and one in Microsoft Configuration...

By: Chris Thompson
Jan 15, 2026 • 16 min read
Read Post
image for Introducing ConfigManBearPig, a BloodHound OpenGraph Collector for SCCM

BloodHound

Introducing ConfigManBearPig, a BloodHound OpenGraph Collector for SCCM

tl;dr: Security researchers have discovered 30+ unique attack techniques targeting SCCM in the past several years,...

By: Chris Thompson
Jan 13, 2026 • 45 min read
Read Post
image for Mapping Deception with BloodHound OpenGraph

BloodHound

Mapping Deception with BloodHound OpenGraph

TL;DR As defensive postures continue to mature, deception technologies provide organizations the opportunity to harden defenses...

By: Ben Schroeder
Dec 23, 2025 • 27 min read
Read Post
image for Azure Seamless SSO: When Cookie Theft Doesn’t Cut It

BloodHound

Azure Seamless SSO: When Cookie Theft Doesn’t Cut It

TL;DR The cookie crumbled when it expired, but the attack path didn’t. Learn how BloodHound graph...

By: Andrew Gomez
Dec 11, 2025 • 17 min read
Read Post
image for Operationalizing BloodHound Enterprise: Security automation with Tines

BloodHound

Operationalizing BloodHound Enterprise: Security automation with Tines

TL;DR This blog demonstrates how to operationalize BloodHound Enterprise by using Tines to quickly assess the...

By: Hugo van den Toorn, Joey Dreijer
Dec 9, 2025 • 8 min read
Read Post
image for Taming the Attack Graph: A Many Subgraphs Approach to Attack Path Analysis

BloodHound

Taming the Attack Graph: A Many Subgraphs Approach to Attack Path Analysis

TL;DR This blog presents a framework using technology subgraphs, decomposition, and graph abstraction to model hybrid...

By: JD Crandell
Nov 13, 2025 • 8 min read
Read Post
image for ShareHound: An OpenGraph Collector for Network Shares

BloodHound

ShareHound: An OpenGraph Collector for Network Shares

TL;DR: ShareHound is an OpenGraph collector for BloodHound CE and BloodHound Enterprise that maps network shares,...

By: Remi GASCOU
Oct 30, 2025 • 7 min read
Read Post