Virtualization Technology News and Information
SpecterOps Launches BloodHound Community Edition, the Future of the Wildly Popular Open-Source Penetration Testing Tool
SpecterOps announced the release of version 5.0 of BloodHound, a free and open-source penetration testing solution that maps attack paths in Microsoft Active Directory (AD) and Azure (including Azure AD/Entra ID) environments. As part of this update, BloodHound is being renamed BloodHound Community Edition (CE). The changes to BloodHound CE in version 5.0 make it much easier for open-source users to deploy, manage, and use the tool, while delivering some powerful new functionality. Additionally, some popular features from BloodHound CE are being added to BloodHound Enterprise, SpecterOps' defensive solution for enterprise security and identity teams.

This update brings many enterprise-grade usability features to BloodHound CE, like containerized deployment, REST APIs, user management, and access control. It also significantly improves performance while streamlining development, allowing for faster development and incorporation of community contributions. Updates to BloodHound Enterprise include the ability to run custom Cypher queries, which will let Enterprise users explore and gather additional information from their directory service infrastructure.

"Our commitment to the BloodHound community and the goals of the project remain the same as always: helping penetration testers and defenders uncover the hidden, unintentional, and exploitable relationships in Active Directory," said Andy Robbins, co-creator of BloodHound. "This update allows us to strengthen both products by applying two years' worth of knowledge gained from building BloodHound Enterprise to BloodHound CE, and by bringing some in-demand features from CE into Enterprise at the same time. BloodHound CE is the same BloodHound that longtime open-source users know and love, now with enterprise-grade deployment, usability, and UI."

New features in BloodHound CE include:

  • Support for REST APIs - BloodHound CE is a three-tier application with a database, an API layer, and a web-based user interface. Users can now use REST APIs to interact with data rather than needing to write queries directly to the database.
  • Containerized deployment - BloodHound CE will deploy as a containerized product. This much simpler process will reduce deployment time by 80%. This also makes it easier for users with differently sized environments to adjust the resources assigned to BloodHound.
  • Enterprise-grade user management - This update adds built-in full multi-user support with RBAC, the ability to create and assign user roles, and support for two-factor authentication and SAML to BloodHound CE.
  • Protected Cypher searches - Cypher queries in BloodHound CE will include available guardrails to automatically cancel queries that will cause performance or security issues.
  • Reliability and performance upgrade - Routine maintenance updates will make the tool faster, more resilient, and more reliable.
  • More frequent updates and community contributions - These changes will allow SpecterOps to increase the rate of updates and new features added to BloodHound CE going forward and will increase the number of pull requests from the community that can be implemented.
  • Better community support - More similarities between BloodHound CE and BloodHound Enterprise under the hood means users will have better access to support and documentation for both.

As part of this update, some popular features from BloodHound CE are being brought to BloodHound Enterprise (BHE). These include:

  • Custom Cypher queries - BloodHound Enterprise users can now write custom Cypher queries to explore their AD environment with safeguards in place to prevent queries from accidentally causing security or performance issues.
  • Improved offline data collection - It is now possible to collect and upload directory data into BHE. This will allow, for example, a company to add data from a company it acquired without installing persistent data collectors.

All previous versions of BloodHound (everything before v5.0) will be referred to as "BloodHound Legacy" and will remain available going forward.

BloodHound was created in 2016 by Rohan Vazarkar, Will Schroeder, and Andy Robbins. It has been downloaded close to 500,000 times and has over 12,000 users in the BloodHound Community Slack. BloodHound has been recommended by the US Cybersecurity and Infrastructure Security Agency (CISA) and by Microsoft to help secure Microsoft Active Directory and Azure AD.

SpecterOps recently raised a $33.5M Series A funding round from Decibel and Ballistic Ventures. This update is one of many projects that funding has enabled or accelerated.

BloodHound Community Edition will be available on August 8th in early access.
Published Tuesday, August 01, 2023 12:02 PM by David Marshall