BloodHound
Commands
# Use SharpHound.ps1
Invoke-BloodHound -CollectionMethod All
# To avoid detection
Invoke-BloodHound -CollectionMethod All -ExcludeDC
To review active sessions, we'll again use a custom query in BloodHound. Since Cypher is a query language, we can build a relationship query with the following syntax: (NODES)-[:RELATIONSHIP]->(NODES).
The relationship for our use case is [:HasSession]. The first node of the relationship, specified by its label, is (c:Computer) and the second is (m:User). This means the edge between the two nodes has its source at the computer object. We'll use p to store and display the data.
MATCH p = (c:Computer)-[:HasSession]->(m:User) RETURN p
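The direction and label semantics of that pattern, shown as an added example that is not part of the original notes and is not BloodHound or Neo4j code: a small matcher for the single (a:Label)-[:TYPE]->(b:Label) form, run over a constructed in-memory graph. The host, user and group names and the helper functions are hypothetical.

```python
import re

# Constructed sample graph (not real data): node name -> label
NODES = {
    "WS01.EXAMPLE.LOCAL": "Computer",
    "SRV02.EXAMPLE.LOCAL": "Computer",
    "ALICE@EXAMPLE.LOCAL": "User",
    "BOB@EXAMPLE.LOCAL": "User",
    "HELPDESK@EXAMPLE.LOCAL": "Group",
}
# Directed edges: (source, relationship type, target)
EDGES = [
    ("WS01.EXAMPLE.LOCAL", "HasSession", "ALICE@EXAMPLE.LOCAL"),
    ("SRV02.EXAMPLE.LOCAL", "HasSession", "ALICE@EXAMPLE.LOCAL"),
    ("SRV02.EXAMPLE.LOCAL", "HasSession", "BOB@EXAMPLE.LOCAL"),
    ("BOB@EXAMPLE.LOCAL", "MemberOf", "HELPDESK@EXAMPLE.LOCAL"),
]

PATTERN = re.compile(r"\((\w+):(\w+)\)-\[:(\w+)\]->\((\w+):(\w+)\)")

def match(pattern):
    """Return {variable: node} bindings for every edge that fits the pattern."""
    m = PATTERN.fullmatch(pattern.replace(" ", ""))
    if m is None:
        raise ValueError("only (a:Label)-[:TYPE]->(b:Label) is supported")
    src_var, src_label, rel, dst_var, dst_label = m.groups()
    return [
        {src_var: src, dst_var: dst}
        for src, edge_rel, dst in EDGES
        if edge_rel == rel
        and NODES[src] == src_label   # label filter on the source node
        and NODES[dst] == dst_label   # label filter on the target node
    ]

def sessions_by_user():
    """Group session rows by user to see on how many hosts each account is logged in."""
    by_user = {}
    for row in match("(c:Computer)-[:HasSession]->(m:User)"):
        by_user.setdefault(row["m"], []).append(row["c"])
    return by_user

if __name__ == "__main__":
    for user, hosts in sessions_by_user().items():
        print(user, "->", ", ".join(hosts))
```

Reversing the pattern to (m:User)-[:HasSession]->(c:Computer) returns nothing on this data, because every HasSession edge has its source at the computer.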