We recently released the inaugural issue of our State of Attack Path Management report, which draws from our unique blend of offensive security assessments and insights from both BloodHound Community Edition and Enterprise. The report introduces Attack Path Management as a fundamental practice requiring a paradigm shift from reactive defense to proactive adversarial thinking. On August 28, 2025, at 11 AM PT, join Jared Atkinson, Elad Shamir, and Andrew Chiles as they break down key takeaways to help you understand and address attack paths in your environment before they are exploited. Register for this fantastic webinar today!
Back in April of this year, we announced our intention to deprecate our legacy API around Black Hat 2025. The time has finally arrived to say goodbye to APIv1 of BloodHound Enterprise. Our Technical Account Managers have been reaching out to any customers who had still been utilizing these endpoints to make certain everyone had migrated successfully to APIv2. Thank you so much to our customers and Technical Account Managers for helping us sunset the use of this legacy code!
Cypher on PostgreSQL graph databases now supports quantifiers (ANY, SINGLE, NONE, ALL)!
New “Analyze Now” button to kick off ad hoc analysis of data.
Improved linking of the Everyone and Authenticated Users groups across domain trusts.
Added the ClaimSpecialIdentity Attack Path to indicate where special AD identities hold compromising permissions.
Improved performance and UX in Privilege Zone Management screens.
Improved performance and UX in the Explore table layout view.
Entity Panels may now be closed, deselecting a previously selected object or edge in the graph.
ADCS and GoldenCert abuse information now uses Certify 2.0 for all instructions.
[BHE Only] APIv1 has been removed from BloodHound Enterprise.
[BHE Only] Clarified the columns displayed in the environment selector view.
[BHE Only] Findings in non-Tier Zero zones now display zone-specific finding names.
Improved performance of the API Explorer page.
Bug Fixes
Clicking the Download button on the Explore table layout view will now consistently download a CSV export.
The “All Global Administrators” pre-saved query will now consistently display all users with Global Administrator role assignments.
Cypher queries on PostgreSQL graph databases now correctly return expected nodes and edges on directionless traversal between two nodes of the same kind.
Resolved an issue where AZRoleEligible edges would appear for non-directory-scoped eligibility.
[BHE Only] Resolved an issue that resulted in inaccurate risk measurements involving the contains edge in Active Directory environments.
[BHE Only] The impacted principals tables on remediation pages for Hygiene findings will once again display the list of principals.
[BHE Only] Fixed an issue with sorting Finding details views, resulting in occasionally seeing the same finding twice.
[BHE Only] CoerceAndRelayNTLMtoADCS edges will now resolve properly within BloodHound Enterprise after following recommended remediation steps.
SharpHound (v2.7.1)
Bug Fixes
Resolved an issue where any timeouts during LDAP connection tests would result in excluding a domain entirely from any additional collection.
AzureHound (v2.7.1)
Bug Fixes
AzureHound will now properly track requests per connection and handle GOAWAY responses cleanly instead of failing the collection.
Cypher quantifiers on PostgreSQL - Support for Cypher on PostgreSQL graph databases continues! In this release, we’re adding support for quantifiers (ANY, SINGLE, NONE, ALL) within Cypher queries. For more information, check out our Cypher documentation!
“Analyze Now” - BloodHound does a great job of only running analysis when necessary. Even so, there are occasions when kicking off a manual analysis can be helpful for certain troubleshooting scenarios. We’ve introduced a button under Administration → BloodHound Configuration to kick off a fresh analysis.
Updated linking for Everyone and Authenticated Users groups - Both Everyone and Authenticated Users groups will now accurately link across domain trusts, resulting in a more accurate representation of these paths. For example, ADCSESC1 Attack Paths crossing from child to root domains will now properly appear within BloodHound.
Introducing the ClaimSpecialIdentity Attack Path - We’ve introduced a new Attack Path in the product that indicates where a principal can claim special identity SIDs (e.g., Network). These are now nodes in BloodHound, enabling paths where special identities hold compromising permissions. More details can be found in the “Connecting the Special Identity Dots” section of this blog post: Good Fences Make Good Neighbors: New AD Trusts Attack Paths in BloodHound.
Privilege Zone Management UI updates - Enhancements to the Privilege Zone Management UI continue as it nears general availability. In this release, we’ve significantly reduced the resources utilized by the page and made the intended function of several buttons clearer.
Explore table layout improvements - We’ve continued to improve the table layout in the Explore page, including adding support for unsorting a column with a third click, modifying the glyph used to indicate Tier Zero objects, and making copying of cell values easier.
Deselect an object in Explore - Entity Panels may now be closed, deselecting a previously selected object or edge in the graph.
Certify 2.0 now in abuse instructions - In case you missed it, our team recently released Certify 2.0, introducing significant improvements and new capabilities over the original utility. We’ve updated abuse information across all ADCS and GoldenCert edges to instruct on the use of Certify 2.0 to take advantage of those improvements.
[BHE Only] Clarified the environment selector view - We’ve added column headers to more clearly communicate the information displayed in the environment selector view on the Attack Paths page.
[BHE Only] Updated finding titles in Privilege Zones - We’ve clarified the finding titles for additional privilege zones, making it clearer that these findings relate to zones outside Tier Zero.
We have significantly improved the performance of the API Explorer page.
[BHE Only] APIv1 has been removed from BloodHound Enterprise.
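The four quantifiers from the "Cypher quantifiers on PostgreSQL" item, applied to a SID history audit. This is an added example, not taken from the release notes or the BloodHound documentation. It assumes the `User` label and the `sidhistory` list property of BloodHound's Active Directory schema and standard openCypher syntax; the legacy-domain SID prefix is a constructed placeholder.

```cypher
// Run each statement separately.
// 'S-1-5-21-1111111111-2222222222-3333333333-' is a constructed placeholder
// for the SID prefix of a legacy domain whose accounts were migrated.

// ANY: true when at least one element matches.
// Accounts whose SID history carries a Domain Admins (-512) or
// Enterprise Admins (-519) group SID; review these first.
MATCH (u:User)
WHERE ANY(sid IN u.sidhistory
          WHERE sid ENDS WITH '-512' OR sid ENDS WITH '-519')
RETURN u.name, u.sidhistory;

// NONE: true when no element matches. It is also true for an empty
// list, so size() keeps accounts without SID history out of the result.
// Accounts whose SID history has no entry from the expected legacy domain.
MATCH (u:User)
WHERE size(u.sidhistory) > 0
  AND NONE(sid IN u.sidhistory
           WHERE sid STARTS WITH 'S-1-5-21-1111111111-2222222222-3333333333-')
RETURN u.name, u.sidhistory;

// ALL: true when every element matches (vacuously true for an empty
// list, hence the same guard).
// Accounts whose entire SID history comes from the legacy domain:
// expected migration leftovers that can be scheduled for cleanup.
MATCH (u:User)
WHERE size(u.sidhistory) > 0
  AND ALL(sid IN u.sidhistory
          WHERE sid STARTS WITH 'S-1-5-21-1111111111-2222222222-3333333333-')
RETURN u.name, u.sidhistory;

// SINGLE: true when exactly one element matches.
// Accounts with exactly one legacy-domain entry, whatever else the
// list holds; compare against ALL to spot mixed-source histories.
MATCH (u:User)
WHERE SINGLE(sid IN u.sidhistory
             WHERE sid STARTS WITH 'S-1-5-21-1111111111-2222222222-3333333333-')
RETURN u.name, u.sidhistory;
```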