PowerShell+ 2019 - CypherDog2.0 - Bloodhound Dog Whispering with PowerShell by Walter Legowski
0BloodHound is a fantastic open source active directory graphing tool designed by @_Wald0, @CptJesus & @harmj0y.
Initialy created for offensive purposes, it has also quickly gained popularity within blue teams
and "regular" Active Directory Admins.
In this session, I will present CypherDog2.0, a PowerShell module designed to interact with BloodHound via its REST API for advanced interaction with the database, and allowing actions that can not be performed in the Bloodhound UI.
This PowerShell module runs Cypher queries under the hood (the neo4j database query language), and allows to get the maximum out of the Bloodhound data -including metrics as demonstrated by @_wald0 in his latest research- with a simplified dynamic syntax and cool PowerShell pipeline combos...
In this presentation, I will show how to
- Query database for Nodes, Edges and Paths and return objects
- Manipulate BloodHound Data (at scale)
- Request cheapest path (shortest is not always cheapest...)
- Chain cypher queries over PowerShell pipeline
- Query for possible relevant active directory metrics
...and more cool cypher tricks & BloodHound object manipulation from the comfort of a PowerShell prompt.
PowerShell Summit videos are recorded on a "best effort" basis. We use a room mic to capture as much room audio as possible, with an emphasis on capturing the speaker. Our recordings are made in a way that minimizes overhead for our speakers and interruptions to our live audience. These recordings are meant to preserve the presentations' information for posterity, and are not intended to be a substitute for attending the Summit in person. These recordings are not intended as professional video training products. We hope you find these videos useful - the equipment used to record these was purchased using generous donations from members of the PowerShell community.