2025-07-29 Release Notes (v8.0.0)

​

Announcements

​

BloodHound OpenGraph: Six Degrees of… Well, Anything!

​

Come see us at BlackHat and DEFCON 2025

• Take one of our incredible Adversary Tactics courses: Detection, Tradecraft Analysis, Red Team Operations, or our newest course, Identity-Driven Offensive Tradecraft.
• Check out one of our incredible BlackHat Arsenal talks on some cool new tools: Crucible C2, Ghost Scout, Nemesis v2.0, or SCCMHunter.
• Learn in one of our BlackHat briefings: Leveraging JAMF for Red Teaming in Enterprise Environments, or Clustered Points of Failure – Attacking Windows Server Failover Clusters.
• Even more learning opportunities from our team at DEFCON: Demo Lab: Proxies Here There and Everywhere, or two different options at Red Team Village: Mythic, Ghostwriter, Nemesis, and Tying the Room Together – The Dude’s Guide to Red Team Operations, and BloodHound Quest.
• Or join our team for some bowling, drinks, and snacks at our happy hour at the Brooklyn Bowl on August 6.

​

Summary

• BloodHound (v8.0.0)
  • New and Improved Features
    • Introducing BloodHound OpenGraph, enabling expansion and flexibility of BloodHound to Attack Paths in any system!
    • New “Table” layout in Explore!
    • Attack Paths created through inherited ACEs can now display and trace inheritance root (Requires SharpHound v2.5.4+).
    • Added support for collecting the msDS-isRODC attribute to more accurately identify Read-Only Domain Controllers (Requires SharpHound v2.7.0).
    • Added support for HasSIDHistory edges against Group objects (Requires SharpHound v2.7.0).
    • [BHE Only] Added a new API endpoint to pull all Attack Path findings at once.
    • Added the ability to delete graph data by type.
    • Renamed the “Copy -> Display Name” right click option in Explore to “Copy -> Name” to prevent confusion.
    • [BHE Only] Renamed several Attack Path finding titles for improved accuracy.
    • Improved workflow for File Ingest.
  • Bug Fixes
    • Reverted the changes to Contains edges from v7.6.0 due to performance issues.
    • Selecting a section within the Administration menu will no longer deselect Administration from the main nav bar.
    • [BHE Only] Fixed an inaccurate cypher statement within ADCSESC1 remediation documentation.
• SharpHound (v2.7.0)
  • New and Improved Features
    • Collection support for msDS-RODC attribute for Read-Only Domain Controller identification.
    • Introduced new adaptive timeout logic to reduce collection time and to help prevent collection timeouts reported into BloodHound Enterprise.
    • Added additional logging to the compstats export file to better capture all outbound connection attempts and results.
    • Added collection support for HasSIDHistory edges inbound to Group objects.
  • Bug Fixes
    • HasSIDHistory edges will once again be generated against User and Computer objects.
    • [BHE Only] Resolves an issue where SharpHound Enterprise v2.6.7 added an additional entry in Programs and Features.
• AzureHound (v2.6.0)
• No new release.

​

BloodHound (v8.0.0)

​

New and Improved Features

• Introducing BloodHound OpenGraph - BloodHound OpenGraph represents a turning point in how Attack Paths are added into BloodHound. We’re moving away from the need for all new Attack Paths to require significant software engineering efforts within the BloodHound codebase, and unleashing security researchers to begin to experiment with little more than an idea and some basic scripting knowledge. Past that, our own team at SpecterOps will be utilizing OpenGraph to continue to add built-in coverage to BloodHound at a more rapid pace. BloodHound v8.0 is just the beginning, we’ll continue to add capabilities to BloodHound OpenGraph, and are excited to see what you all do with it!
  
  You can learn more in our OpenGraph documentation.
• New “Table” layout in Explore! - Run a Cypher query that returns a bunch of objects (for example “Kerberoastable Users”) and think it’s silly to click through a bunch of nodes on a canvas? Us too! That’s why we’re adding in the Table layout to the Explore view. Put those nodes in a table, display whatever properties you like, export that data to a CSV. Attackers may think in graphs, but sometimes a list is a very helpful thing!

• Inherited ACE tracking - ACE inheritance is an incredibly powerful management tool within AD, but as the saying goes, “with great power comes great responsibility to not create a bunch of Attack Paths” (it’s something like that..). With BloodHound v8.0 (and SharpHound v2.5.4), you can now display the root and path of any inherited ACE in AD, enabling administrators to rapidly understand the root cause of, and to remove thousands of Attack Paths rapidly with a single change.

• msDS-RODC Attribute Collection - We’ve added support for collecting the msDS-isRODC attribute to more accurately identify Read-Only Domain Controllers in BloodHound (Requires SharpHound v2.7.0). Prior to this addition, the best way to identify this critical assets was through the Read-Only Domain Controllers group membership, however that leads to multiple inaccuracies due to the behind-the-scenes workings of AD.
• HasSIDHistory support for Group objects - Not wanting to be left out, we’ve added support for the HasSIDHistory edge to Group objects in AD (Requires SharpHound v2.7.0). This Attack Path identifies the same type of risk that HasSIDHistory always has against Users and Computers, but extends it further within the product.
• [BHE Only] All Attack Path Findings API Endpoint - For any of our customers who have written custom integrations against the BloodHound API, you’ll be familiar with the number of API calls historically required to export all findings from BloodHound Enterprise. With this new endpoint, /api/v2/attack-paths/details, you can export every finding available within your BloodHound Enterprise environment with a single API call. Included in the response payload is the remediation documentation for every finding, providing everything you need to enable your Attack Path Management program to begin rapidly removing risk in your environment.
• Data Deletion by Type - We’re beyond stoked for BloodHound OpenGraph, but as the saying goes, “more data, more problems.” Well we saw these coming and have extended the Database Management functionality in BloodHound to enable Administrators to clear data from within their environment based on the base type supplied. We’ve included support for the natively supported AD and Azure data types, and the list will dynamically expand as you ingest additional data utilizing OpenGraph.

• Renamed right-click “Copy” command - We realized that the previous “Copy -> Display Name” item on our right-click menu could be confused to mean that you would be copying the “Display Name” field (for example, within AD), rather than the name of the object as displayed within BloodHound. To more accurately represent the behavior, we renamed the menu to “Copy -> Name”.

• [BHE Only] Renamed Attack Path finding titles - We realized that we had misnamed a couple of findings and have renamed them for accuracy. They are as follows:
  • “AddOwner Role on Tier Zero Resource” -> “AddOwner Permission on Tier Zero Resource”
  • “Ownership Privileges on Tier Zero Objects” -> “Ownership of Tier Zero Objects”
• Improved workflow for File Ingest - The File Ingest workflow had too many clicks in it. We’ve optimized the workflow to remove unnecessary effort from the process.

​

Bug Fixes

• Reverted the changes to Contains edges from v7.6.0 due to performance issues.
• Selecting a section within the Administration menu will no longer deselect Administration from the main nav bar.
• [BHE Only] Fixed an inaccurate cypher statement within ADCSESC1 remediation documentation.

​

SharpHound (v2.7.0)

​

New and Improved Features

• Adaptive Timeout in SharpHound - SharpHound will now track how long successful collections take against live targets and dynamically adjust timeout durations for connections accordingly. This change will enable faster and more data collections, particularly in larger or more diverse environments that may have more computers which SharpHound cannot collect from by dynamically reducing timeout durations to align with the characteristics of your environment.
• CompStats Logging Expansion - We identified a few areas where SharpHound was not logging connections attempts and results within the compstats log, making troubleshooting certain behaviors more difficult. We fixed these gaps to enable improved troubleshooting and validation of collection results.
• Additional collection support:
  • msDS-RODC attribute for Read-Only Domain Controller identification.
  • HasSIDHistory edges inbound to Group objects.

​

Bug Fixes

• HasSIDHistory edges will once again be generated against User and Computer objects.
• [BHE Only] Resolves an issue where SharpHound Enterprise v2.6.7 added an additional entry in Programs and Features.

​

AzureHound (v2.6.0)