Bloodhound

Running sharphound on victim

Use SharpHound to enumerate all user information from Active Directory (AD):

$ Import-Module .\sharphound.ps1
$ Invoke-Bloodhound -ZipFileName .\ad.zip -JsonFolder .\ -CollectionMethod All -Domain <victim_domain>

Telemetry Behavior

  1. sharphound.ps1 will be quarantined/detected when it is executed.

  2. The Invoke-Bloodhound command has become a common IOC, which will also trigger detection/blocking.
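
A hunting sketch for the two IOCs above, added here as an example and not part of the original page. It assumes PowerShell script block logging is enabled and that Event ID 4104 records have been exported to dictionaries carrying the ScriptBlockId, MessageNumber, MessageTotal, Path and ScriptBlockText fields; the sample events are constructed. Large script blocks are logged in several fragments, so the fragments are joined before matching.

```python
import re
from collections import defaultdict

# IOC strings named on the page: the script file and the cmdlet. Matching is
# case-insensitive because PowerShell command names are case-insensitive.
IOC_PATTERNS = {
    "cmdlet": re.compile(r"invoke-bloodhound", re.I),
    "script": re.compile(r"sharphound\.ps1", re.I),
}

def reassemble(events):
    """Group 4104 fragments by ScriptBlockId and join them in MessageNumber order."""
    blocks = defaultdict(list)
    for ev in events:
        if ev.get("EventID") == 4104:
            blocks[ev["ScriptBlockId"]].append(ev)
    for block_id, parts in blocks.items():
        parts.sort(key=lambda e: e["MessageNumber"])
        text = "".join(p["ScriptBlockText"] for p in parts)
        complete = len(parts) == parts[0]["MessageTotal"]  # False if fragments are missing
        yield block_id, text, parts[0].get("Path", ""), complete

def hunt(events):
    """Return one finding per script block whose text or file path matches an IOC."""
    findings = []
    for block_id, text, path, complete in reassemble(events):
        hits = sorted(name for name, rx in IOC_PATTERNS.items()
                      if rx.search(text) or rx.search(path))
        if hits:
            findings.append({"ScriptBlockId": block_id, "iocs": hits,
                             "complete": complete})
    return findings

# Constructed sample events (not real telemetry); IDs and paths are placeholders.
SAMPLE_EVENTS = [
    {"EventID": 4104, "ScriptBlockId": "aaaa-1", "MessageNumber": 1, "MessageTotal": 1,
     "Path": "C:\\Temp\\SharpHound.ps1", "ScriptBlockText": "function Invoke-BloodHound { }"},
    # The cmdlet name straddles a fragment boundary and the fragments arrive out of order.
    {"EventID": 4104, "ScriptBlockId": "bbbb-2", "MessageNumber": 2, "MessageTotal": 2,
     "Path": "", "ScriptBlockText": "oodhound -CollectionMethod All"},
    {"EventID": 4104, "ScriptBlockId": "bbbb-2", "MessageNumber": 1, "MessageTotal": 2,
     "Path": "", "ScriptBlockText": "invoke-bl"},
    {"EventID": 4104, "ScriptBlockId": "cccc-3", "MessageNumber": 1, "MessageTotal": 1,
     "Path": "", "ScriptBlockText": "Get-ChildItem C:\\Users"},
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(finding)
```

A finding with "complete" set to False means some fragments of that script block were not in the input, so an IOC may still be hiding in the missing part.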


Last updated 3 years ago
