Last updated: April 29, 2026
Individual AD misconfigurations look innocuous on their own. A group with a few extra members. A computer with delegation enabled. A user with GenericWrite on a colleague’s account. In isolation, each is a “maybe low risk.” Analysed together as a graph, they form attack paths: concrete, stepwise routes from any foothold to Domain Admin.
BloodHound is the tool that turns this relationship graph into a queryable database. In defence or offence, if you run it against your own AD once, you will know more about your environment than most internal teams.
What BloodHound is
BloodHound is two parts:
- Collectors — SharpHound (Windows), AzureHound (for Entra ID / Azure AD), BloodHound.py (cross-platform). These enumerate AD and collect: users, groups, computers, ACLs, sessions, local-admin rights, trust relationships, delegation settings, GPO links, and more. Output: JSON files.
- Analyzer / visualiser — a Neo4j-backed web interface that ingests the JSON and renders the directory as a graph. Nodes are principals and resources; edges are relationships. The graph is queryable with Cypher and comes with pre-built queries for common attack paths.
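The graph model described above, as an added example (not BloodHound's own code or data): constructed, hypothetical principals joined by BloodHound-style edge types, with a breadth-first search for the path to Domain Admins and a ranking of which single edge removal cuts off the most principals.

```python
from collections import deque

# Constructed sample data: (source, edge type, target). All names are hypothetical;
# edge types follow BloodHound naming (MemberOf, GenericWrite, AdminTo, HasSession).
EDGES = [
    ("ALICE", "MemberOf", "HELPDESK"),
    ("HELPDESK", "GenericWrite", "BOB"),
    ("BOB", "AdminTo", "SRV-FILE01"),
    ("SRV-FILE01", "HasSession", "SVC-BACKUP"),
    ("SVC-BACKUP", "MemberOf", "DOMAIN ADMINS"),
    ("CAROL", "MemberOf", "HELPDESK"),
    ("DAVE", "AdminTo", "SRV-FILE01"),
]

def shortest_path(edges, start, target):
    """Breadth-first search; returns the edges of one shortest path, or None."""
    adj = {}
    for src, rel, dst in edges:
        adj.setdefault(src, []).append((rel, dst))
    queue, seen = deque([(start, [])]), {start}
    while queue:
        node, path = queue.popleft()
        if node == target:
            return path
        for rel, dst in adj.get(node, []):
            if dst not in seen:
                seen.add(dst)
                queue.append((dst, path + [(node, rel, dst)]))
    return None

def exposed_principals(edges, target):
    """Every node that has at least one path to the target."""
    nodes = {n for s, _, d in edges for n in (s, d)} - {target}
    return sorted(n for n in nodes if shortest_path(edges, n, target))

def choke_points(edges, target):
    """Rank each edge by how many nodes lose every path once it is removed."""
    before = set(exposed_principals(edges, target))
    ranked = []
    for e in edges:
        after = set(exposed_principals([x for x in edges if x != e], target))
        ranked.append((len(before - after), e))
    return sorted(ranked, key=lambda r: -r[0])

if __name__ == "__main__":
    for hop in shortest_path(EDGES, "ALICE", "DOMAIN ADMINS"):
        print("%s -[%s]-> %s" % hop)
    for cut, edge in choke_points(EDGES, "DOMAIN ADMINS")[:3]:
        print(cut, "principals cut off by removing", edge)
```

No single edge here is alarming on its own, yet every principal in the sample reaches Domain Admins; the ranking shows that removing the service account's group membership breaks all of those paths at once.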
Since 2023, the community standard has been BloodHound Community Edition (BHCE) from SpecterOps, a cleaner, actively maintained rebuild of the original. BloodHound Enterprise is the commercial version with continuous monitoring and remediation workflow.