New enterprise-grade features coming to the Attack Path mapping tool include containerized deployment, full user management, and REST API support
Seattle, WA – Aug 1, 2023 – SpecterOps, a provider of adversary-focused cybersecurity solutions born out of unique insights of advanced threat actor tradecraft, today announced the release of version 5.0 of BloodHound, a free and open-source penetration testing solution that maps attack paths in Microsoft Active Directory (AD) and Azure (including Azure AD/Entra ID) environments. As part of this update, BloodHound is being renamed BloodHound Community Edition (CE). The changes to BloodHound CE in version 5.0 make it much easier for open-source users to deploy, manage, and use the tool, while delivering some powerful new functionality. Additionally, some popular features from BloodHound CE are being added to BloodHound Enterprise, SpecterOps’ defensive solution for enterprise security and identity teams.
This update brings many enterprise-grade usability features to BloodHound CE, like containerized deployment, REST APIs, user management, and access control. It also significantly improves performance and streamlines development, allowing for faster incorporation of community contributions. Updates to BloodHound Enterprise include the ability to run custom Cypher queries, which will let Enterprise users explore and gather additional information from their directory service infrastructure.
“Our commitment to the BloodHound community and the goals of the project remain the same as always: helping penetration testers and defenders uncover the hidden, unintentional, and exploitable relationships in Active Directory,” said Andy Robbins, co-creator of BloodHound. “This update allows us to strengthen both products by applying two years’ worth of knowledge gained from building BloodHound Enterprise to BloodHound CE, and by bringing some in-demand features from CE into Enterprise at the same time. BloodHound CE is the same BloodHound that long time open-source users know and love, now with enterprise-grade deployment, usability, and UI.”
New features in BloodHound CE include:
- Support for REST APIs – BloodHound CE is a three-tier application with a database, an API layer, and a web-based user interface. Users can now use REST APIs to interact with data rather than needing to write queries directly to the database.
- Containerized deployment – BloodHound CE will deploy as a containerized product. This much simpler process will reduce deployment time by 80%. This also makes it easier for users with different-sized environments to manipulate the resources assigned to BloodHound.
- Enterprise-grade user management – This update adds built-in full multi-user support with RBAC, the ability to create and assign user roles, and support for two-factor authentication and SAML to BloodHound CE.
- Protected Cypher searches – Cypher queries in BloodHound CE will include available guardrails to automatically cancel queries that will cause performance or security issues.
- Reliability and performance upgrade – Routine maintenance updates will make the tool faster, more resilient, and more reliable.
- More frequent updates and community contributions – These changes will allow SpecterOps to increase the rate of updates and new features added to BloodHound CE going forward and will increase the number of pull requests from the community that can be implemented.
- Better community support – More similarities between BloodHound CE and BloodHound Enterprise under the hood means users will have better access to support and documentation for both.
As part of this update, some popular features from BloodHound CE are being brought to BloodHound Enterprise (BHE). These include:
- Custom Cypher queries – BloodHound Enterprise users can now write custom Cypher queries to explore their AD environment with safeguards in place to prevent queries from accidentally causing security or performance issues.
- Improved offline data collection – It is now possible to collect and upload directory data into BHE. This will allow, for example, a company to add data from a company it acquired without installing persistent data collectors.
All previous versions of BloodHound (everything before v5.0) will be referred to as “BloodHound Legacy” and will remain available going forward.
BloodHound was created in 2016 by Rohan Vazarkar, Will Schroeder, and Andy Robbins. It has been downloaded close to 500,000 times and has over 12,000 users in the BloodHound Community Slack. BloodHound has been recommended by the US Cybersecurity and Infrastructure Security Agency (CISA) and by Microsoft to help secure Microsoft Active Directory and Azure AD.
SpecterOps recently raised a $33.5M Series A funding round from Decibel and Ballistic Ventures. This update is one of many projects that funding has enabled or accelerated.
BloodHound Community Edition will be available on August 8th in early access. For more information or to see a demo of BloodHound CE, visit SpecterOps at Black Hat at booth #2334, or attend a Black Hat Arsenal presentation about BloodHound CE on August 9th at 1:00pm. Full details will be available in the coming weeks on the SpecterOps blog.
SpecterOps is a cybersecurity solutions and services provider specializing in deep knowledge of adversary tradecraft to help clients detect and defend against sophisticated attackers. The company releases numerous widely used free and open-source security toolsets, including BloodHound, a penetration testing solution which maps attack paths in Active Directory and Azure environments. BloodHound has been recommended by the Department of Homeland Security, PricewaterhouseCoopers and many more. BloodHound Enterprise is the company’s first defense solution for enterprise security and identity teams. For more information on the company and its solutions, visit https://specterops.io/.
Voxus PR for SpecterOps