
Identifying Privilege Paths with BloodHound Brief

What It Is

BloodHound maps AD relationships into a directed graph where objects are nodes and relationships are edges (MemberOf, GenericAll, WriteDACL, HasSession). It identifies transitive privilege escalation paths that would be invisible to manual enumeration — chains of legitimate relationships that combine to create unintended access.

Preconditions

Any authenticated domain user account. SharpHound collects data via standard LDAP queries — object properties, group memberships, ACLs, sessions, and trusts. No administrative privileges required for basic collection.

Attacker Gain

A prioritized list of privilege escalation and lateral movement paths ranked by hop count and feasibility. Reveals Kerberoastable accounts on escalation paths, accounts with unintended DCSync rights, and delegation misconfigurations.

Stakeholder Explanation

BloodHound maps all relationships in your directory and finds paths where one compromised account can reach critical systems through chains of permissions and group memberships. These chains are created by normal administrative actions, but no one reviews how they combine. The fix is reviewing and simplifying relationship chains on privileged objects.
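The graph search described under What It Is, and the "find the permission whose removal breaks the chain" review described above, reduced to a small runnable illustration. This is added example code, not BloodHound's or SharpHound's own implementation; the edge list is constructed (all principal and host names are made up) and uses AdminTo, a standard BloodHound edge type not listed on this page, alongside the ones that are.

```python
from collections import deque

# Constructed sample edges, not collected data: (source, edge_type, target).
# Two routes lead from alice to Domain Admins; bob reaches nothing useful.
EDGES = [
    ("alice", "MemberOf", "HelpDesk"),
    ("HelpDesk", "AdminTo", "WS01"),
    ("WS01", "HasSession", "svc_backup"),
    ("HelpDesk", "GenericAll", "svc_backup"),
    ("svc_backup", "MemberOf", "ServerOps"),
    ("ServerOps", "GenericAll", "Domain Admins"),
    ("bob", "MemberOf", "Marketing"),
    ("Marketing", "MemberOf", "AllStaff"),
]


def build_graph(edges):
    """Adjacency list: node -> [(edge_type, target), ...]."""
    graph = {}
    for src, kind, dst in edges:
        graph.setdefault(src, []).append((kind, dst))
    return graph


def shortest_path(edges, owned, target):
    """Breadth-first search from every owned principal at once (marking a
    new compromise as owned and re-running is just adding it to `owned`).
    Returns the fewest-hop chain [(src, edge_type, dst), ...] or None."""
    graph = build_graph(edges)
    parent = {node: None for node in owned}
    queue = deque(owned)
    while queue:
        node = queue.popleft()
        if node == target:
            chain = []
            while parent[node] is not None:
                src, kind = parent[node]
                chain.append((src, kind, node))
                node = src
            return chain[::-1]
        for kind, nxt in graph.get(node, []):
            if nxt not in parent:
                parent[nxt] = (node, kind)
                queue.append(nxt)
    return None


def chokepoints(edges, owned, target):
    """Edges whose removal alone leaves no path to the target: the
    relationships whose cleanup actually breaks the chain, as opposed to
    ones that only remove one of several parallel routes."""
    return [e for e in edges
            if shortest_path([x for x in edges if x != e], owned, target) is None]


if __name__ == "__main__":
    for hop in shortest_path(EDGES, ["alice"], "Domain Admins"):
        print("%s -[%s]-> %s" % hop)
    print("single-edge fixes:", chokepoints(EDGES, ["alice"], "Domain Admins"))
```

Removing HelpDesk's GenericAll on svc_backup alone is not a fix here, because the AdminTo/HasSession route still reaches the same account; the chokepoint list shows which three edges each break the chain on their own.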

Report Phrasing

Finding: Privilege Escalation Path via [specific chain]. The operator used BloodHound to identify a [N]-hop path from [compromised account] to [target]. [Specific chain description]. Severity: [Rating]. Recommendation: [Remove/modify specific permissions].

Common Pitfalls

  • Treating every BloodHound path as equally exploitable — validate that sessions are active, hosts are online, and permissions are actionable
  • Reporting a screenshot without translating it into a concrete chain with impact and remediation
  • Not marking owned principals and re-querying — each new compromise reveals new paths
  • Forgetting that all collection data is gathered with standard user privileges