Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
View Regular
Justin Kohler Profile picture
Justin Kohler
@JustinKohler10
VP Products @Specterops. Father of 4. Biking is life. He/him.

Mar 1, 2022, 14 tweets

Our #BloodHoundEnterprise customers really value measuring the exposure of any given #AttackPath so I figured I'd do a quick 🧵 to explain how this works

We'll start with an example, Riley (a regular user) has rights over a Domain Controller (Tier Zero / Critical Asset):

This is certainly an issue we'd want to address but how do we really assess the risk?

Let's look at who can control Riley's account.

The Help Desk Group (5 members) can reset her password and the sysadmin team (3 members) who have local administrative rights on her machine:

This is starting to look serious.

But look at what happens when Riley runs a script across some servers to install some software:

Things are looking far worse than our initial view:

This exposure measurement continues even further:
- Who can target the Help Desk team?
- Who has privileges on those servers?

And further still:
- For each of those answers, who has an Attack Path to those?

And so on, and so on

A seemingly innocuous privilege can quickly cascade through the relationships in AD and make it trivial for an adversary to find a path to their objective.

BloodHound Enterprise continuously monitors and measures this Attack Path risk by first mapping all paths from critical assets:

Identifies Attack Path Choke Points:

And quantifies their exposure based on how much of the environment can abuse each path.

I.e. "92% of all users have an Attack Path to fully control our domain through this GenericWrite privilege on the CONTOSODC01 Domain Controller":

This is objective, empirical measurement of risk.

Your environment and your specific AD architecture.

Your specific risk.

Empirical measurements of risk allow BloodHound Enterprise customers to better prioritize remediation:

For more detail, check out this post:
posts.specterops.io/3-foundational…

Want to see it in your environment? Sign up here for a demo: bloodhoundenterprise.io

Share this Scrolly Tale with your friends.

A Scrolly Tale is a new way to read Twitter threads with a more visually immersive experience.
Discover more beautiful Scrolly Tales like this.

Keep scrolling