SpecterOps, a provider of adversary-focused cybersecurity solutions born out of unique insights into advanced threat actor tradecraft, announced the release of version 5.0 of BloodHound, a free and open-source penetration testing solution that maps attack paths in Microsoft Active Directory (AD) and Azure environments. As part of this update, BloodHound is being renamed BloodHound Community Edition (CE). The changes to BloodHound CE in version 5.0 make it much easier for open-source users to deploy, manage, and use the tool, while delivering some powerful new functionality. Additionally, some popular features from BloodHound CE are being added to BloodHound Enterprise, SpecterOps’ defensive solution for enterprise security and identity teams.
This update brings many enterprise-grade usability features to BloodHound CE, such as containerized deployment, REST APIs, user management, and access control. It also significantly improves performance and streamlines the development process, which allows for faster development and incorporation of community contributions. Updates to BloodHound Enterprise include the ability to run custom Cypher queries, which will let Enterprise users explore and gather additional information from their directory service infrastructure.
“Our commitment to the BloodHound community and the goals of the project remain the same as always: helping penetration testers and defenders uncover the hidden, unintentional, and exploitable relationships in Active Directory,” said Andy Robbins, co-creator of BloodHound. “This update allows us to strengthen both products by applying two years’ worth of knowledge gained from building BloodHound Enterprise to BloodHound CE, and by bringing some in-demand features from CE into Enterprise at the same time. BloodHound CE is the same BloodHound that long-time open-source users know and love, now with enterprise-grade deployment, usability, and UI.”
New features in BloodHound CE include:
- Support for REST APIs – BloodHound CE is a three-tier application with a database, an API layer, and a web-based user interface. Users can now use REST APIs to interact with data rather than needing to write queries directly to the database.
- Containerized deployment – BloodHound CE will deploy as a containerized product. This much simpler process will reduce deployment time by 80%. It also makes it easier for users with different-sized environments to adjust the resources assigned to BloodHound.
- Enterprise-grade user management – This update adds to BloodHound CE built-in, full multi-user support with RBAC, the ability to create and assign user roles, and support for two-factor authentication and SAML.
- Protected Cypher searches – Cypher queries in BloodHound CE will include available guardrails to automatically cancel queries that would cause performance or security issues.
SpecterOps recently raised a $33.5M Series A funding round from Decibel and Ballistic Ventures. This update is one of many projects that funding has enabled or accelerated.
SOURCE: Businesswire