Active Directory is a directory service for enterprise networks that gives users access to resources across the enterprise. But it can also be described as the mother lode of all vulnerabilities.
A directory service should be a “source of truth,” said Justin Kohler, vice president of products at Spector Ops. But when users are overprivileged or misconfigurations occur, that creates attack hubs. And people can create local groups with their own rights at every Windows endpoint.
BloodHound is like Google Maps for Active Directory, Kohler said. It comes in two versions. BloodHound Community Edition is a free and open-source penetration testing solution that pen testers and red teamers can use to identify exploitable attack paths in Microsoft Active Directory and Azure environments. BloodHound Enterprise is designed for use by defenders to continuously and comprehensively manage attack path risk.
In this episode of CyberEd.io‘s podcast series “Cybersecurity Insights,” Kohler discussed:
- Why errors and misconfiguratuions persist in Active Directory, despite the fact that Microsoft is “very good about remediating vulnerabilities”;
- The differences between BloodHound Enterprise and the open-source BloodHound;
- Why open-source BloodHound is so valuable.
Kohler is an operations expert with more than a decade of experience in project and program development. He began his career in the U.S. Air Force and has worked at Microsoft and Gigamon.