Synced User Attack Path Analysis with BloodHound
Вставка
- Опубліковано 11 лют 2025
- BloodHound Enterprise and BloodHound CE now support hybrid Attack Paths that go from on-prem Active Directory to Entra, and vice versa. The first class of hybrid Attack Paths our products support are those that rely on users that are synchronized from on-prem Active Directory to Entra. In this webinar we discuss discovery, execution, and remediation of those Attack Paths.
We explain two new edges, SyncedToEntraUser and SyncedToADUser, how those edges can be abused by an adversary, and how they can be remediated by a defender. We also demonstrate new pre-built queries that help accelerate the discovery and remediation of the most critical synced user relationships. Finally, we give a preview of which hybrid Attack Paths we are working on shipping next.
