Announcements

SharpHound Upgrades Required

SharpHound v2 is officially generally available. If you have not already done so, please make sure you upgrade your SharpHound collectors to v2.1+. SharpHound v1 will officially be end-of-life on May 1, 2023.

NOTE: Upgrading to SharpHound v2+ must occur concurrently on all services and requires enabling the “Enable post processing of local groups” early access feature simultaneously.

Instructions to upgrade your collector may be found here! Our Customer Success team will begin reaching out to all customers still running SharpHound v1 and would be happy to help if you require it.

Summary

  • BloodHound Enterprise
    • Bug Fixes - process hangs during analysis, jobs stuck on ingesting, and data ingestion from specific versions of AzureHound.
  • SharpHound Enterprise (v2.1.2)
    • New and Improved Functionality - LDAP auto-negotiation for External trust collection (see full release notes), maximum concurrent LDAP query support.
    • Bug Fixes - corrected an issue with local group collections.
  • AzureHound Enterprise (v1.2.4)
    • No release this week.

BloodHound Enterprise

Bug Fixes

  • Fixed an issue where BloodHound Enterprise would hang during analysis.
  • In certain circumstances, collection jobs would appear stuck in “Ingesting” states when they had been completed fully. This has been resolved.
  • Resolved an issue with data ingestion from specific versions of AzureHound.

SharpHound Enterprise (v2.1.2)

Minimum version of SharpHound Service to support all current functionality: v2.1.2

Improved Functionality

  • Optional support for LDAP authentication auto-negotiation (simplified External trust collection support) - SharpHound now supports a configurable option to enable authentication auto-negotiation for LDAP authentication (ForceLDAPkerberosAuth, defaulted to True). In most cases, the default value is preferred.

    By default, your forest will not attempt to search for principals across External trusts without a specific configuration to do so. If you are unable to configure the Forest Search Order to do so, auto-negotiation will allow NTLM authentication to the trusted domains (mimicking the behavior of the SharpHound open-source collector). See SharpHound Cross-Trust Collection documentation for more.

  • Maximum concurrent search query support - SharpHound now supports a configurable number of maximum concurrent queries executed against a domain controller (MaxConcurrentSearchQueries, defaulted to 15). Historically, SharpHound would attempt queries as quickly as possible; however, this could exceed the maximum allowable queries configured. In most cases, the default value should be sufficient.

Bug Fixes

  • In specific cases, collections showed AD groups belonging to local groups where this was not the case. This has been resolved.
  • Improved logging for specific issues

NOTE: Upgrading to SharpHound v2+ must occur concurrently on all services and requires enabling the “User Rights Assignment Collection” experimental feature at the same time. Please contact your TAM or respond to this email for assistance.

AzureHound Enterprise (v1.2.4)

Minimum version of AzureHound Service to support all current functionality: v1.2.4

No release this week.