TrustedBy
edge has always offered valuable information. However, it historically hid valuable information. One of the most common questions we get from folks after running a Pathfinding query is, “Is this a real path? Can I follow that TrustedBy
edge?” Wonder no more! In this release, we are replacing TrustedBy
with four new edges, SameForestTrust
, CrossForestTrust
, SpoofSIDHistory
, and AbuseTGTDelegation
, to reflect traversable Attack Paths more accurately.SameForestTrust
and CrossForestTrust
will represent the structural trusts within Active Directory. They are non-traversable and, therefore, will not appear within Pathfinding. SpoofSIDHistory
and AbuseTGTDelegation
will provide traversable edges (and appear in Pathfinding queries) that will indicate to BloodHound users whether or not a valid path exists across an Active Directory trust.HostsCAService
edge, requiring the presence of a hosting computer before the edge can be created.