Announcements

Zone Management Early Access is Live!

In preparation for BloodHound Enterprise’s ability to support multiple tiers, the Group Management feature needed a complete overhaul. This release includes Early Access support for those interested in trying it out. We are adding considerable flexibility and improved ease of use to BloodHound with the Tier Management update, including how objects are tagged, providing better visibility into that process, and making querying for tagged objects much easier. With Tier Management:
  • Querying for tagged objects in Cypher is much simpler, so no coalesce/split is needed! (All Cypher queries targeting tagged objects will need rewriting, we will introduce backwards compatibility in a future release).
  • Added support for Cypher selectors.
  • Selecting an OU will now tag all objects within (recursively).
  • Tier Management view provides information on which selectors are tagging an object.
  • BloodHound Enterprise now supports the Owned label!
  • And much more!
Please reach out to your TAM with any questions or feedback!

Tater Tokens: Intro to Windows Access Tokens and Their Role in PrivEsc

Welcome to the farm! Today’s task: harvesting potatoes. The potato exploits have been a cornerstone of local privilege escalation on Windows system for years, but how and why do the inner starchy workings of the potatoes function? Plow into understanding Windows access tokens and their use in the Windows environment, followed by a technical walkthrough of how Rotten, Juicy, and Rogue potatoes work, and a wrap up that covers some defensive suggestions. Join SpecterOps’ Max Andreacchi for this informative webinar on Jun 26, 2025. Sign up today: https://specterops.zoom.us/webinar/register/WN_yFYQC3TpRTyyrHpE5ULjtA#/registration

Summary

  • BloodHound (v7.5.0)
    • New and Improved Features
      • New Attack Path primitive: HasTrustKeys.
      • The “Search Current Results” feature of the Explore page will now highlight and zoom into the selected object.
      • [BHE Only] Added the ability to create multiple Zones and Labels in the Privilege Zones Early Access feature.
      • Added several audit log entries related to user behavior in BloodHound.
      • Explore view layout selections are now sticky across queries.
      • Clarified the logic of the Database Management confirmation dialog, making it more accessible.
      • The “No Data” dialog will now disappear if data of any type is added to a BloodHound environment; a Domain or Tenant object is no longer required.
    • Bug Fixes
      • Resolved an issue in Zone Management where disabling the Early Access feature would not appear to change the selected objects in Explore view.
      • Updated links in several edge entity panels, which no longer resolved.
      • Zone Management view should no longer flash on reload.
      • Search results on the Explore page will no longer overrun the nav bar.
      • Updated query logic for shortestPath queries on PostgreSQL graph databases.
      • Resolved an issue with excluding objects matched using the COLLECT verb in Cypher.
      • [BHE Only] Fixed an issue with missing deterministic sorting in the Attack Path Details API endpoint.
  • SharpHound (v2.6.7)
    • New and Improved Features
      • SharpHound will now validate the currently installed version of the .NET framework before execution.
      • Introduced support for Trust Account objects.
      • Added additional SMB Signing query transparency in logging output.
    • Bug Fixes
      • Resolved an issue with the -ldapfilter command line argument.
      • AddSelf edges will once again appear against Group objects.
  • AzureHound (v2.5.0)
    • New and Improved Features
      • Added collection support for the upcoming PIM Roles coverage support.

BloodHound (v7.5.0)

New and Improved Features

  • New Attack Path primitive: HasTrustKeys - The HasTrustKeys edge indicates Attack Paths which exist as a result of a trust relationship between two domains. The trust keys shared between the domains can be leveraged to authenticate as the trust account and gain access to the trust account’s domain.
  • Zoom in and highlight searched object - The “Search Current Results” functionality of the Explore page has been updated to additionally zoom in on the object selected via the search panel, making it easier to find in the graph.
  • [BHE Only] Added support for multiple Zones and Labels in the Privilege Zones Early Access feature - BloodHound Enterprise customers may now create additional Zones and Labels for eventual support of the Privilege Zones feature. All BloodHound Enterprise customers may create additional zones, and may optionally choose to purchase the additional functionality to analyze those zones and track risk and remediation progress over time.
  • More accessible Data Deletion dialog - Clarified the logic of the Database Management confirmation dialog, making it more accessible.
Updated data deletion dialog in v7.5.0
  • Expanded audit log support - Added audit log entries for the following:
    • Exporting CSV of list-based findings (such as Kerberoastable).
    • Exporting CSV of relationship-based findings findings (such as Tier Zero findings).
    • Toggling Early Access features.
    • Creating a collector client (thus creating an API key).
    • Regenerating a collector client API key.
  • Explore view layout selections are now sticky across queries.
  • The “No Data” dialog will now disappear if data of any type is added to a BloodHound environment; a Domain or Tenant object is no longer required.

Bug Fixes

  • Resolved an issue in Zone Management where disabling the Early Access feature would not appear to change the selected objects in Explore view.
  • Updated links in several edge entity panels, which no longer resolved.
  • Zone Management view should no longer flash on reload.
  • Search results on the Explore page will no longer overrun the nav bar.
  • Updated query logic for shortestPath queries on PostgreSQL graph databases.
  • Resolved an issue with excluding objects matched using the COLLECT verb in Cypher.
  • [BHE Only] Fixed an issue with missing deterministic sorting in the Attack Path Details API endpoint.

SharpHound (v2.6.7)

New and Improved Features

  • SharpHound will now validate the currently installed version of the .NET framework before execution.
  • Introduced support for Trust Account objects.
  • Added additional SMB Signing query transparency in logging output.

Bug Fixes

  • Resolved an issue with the -ldapfilter command line argument.
  • AddSelf edges will once again appear against Group objects.

AzureHound (v2.5.0)

New and Improved Features

  • Added collection support for the upcoming PIM Roles coverage support.