⌘Ctrlk

Bloodhound

Running sharphound on victim

Using sharphound to enumerate all user info from AD

$ Import-Module .\sharphound.ps1
$ Invoke-Bloodhound --ZipFileName .\ad.zip --JsonFolder .\ --CollectionMethod All -Domain <victim_domain>

Telemetry Behavior

sharphound.ps1 will be quarantine/detected when it was executed
Invoke-Bloodhound command became an common IOC which will also trigger detection/blocking

PreviousPowerShell NextPython - pexpect

Last updated 4 years ago