BloodHound & AzureHound

BloodHound's AzureHound (https://github.com/SpecterOps/AzureHound) supports Azure and Entra ID too to map attack paths. It uses AzureAD and Az PowerShell modules for gathering the data through it collectors.

Because READ access to objects is required to even know it's existence, AzureHound is not as interesting as BloodHound

Get Data

$passwd = ConvertTo-SecureString "Password@1234" -AsPlainText -Force
$creds = New-Object System.Management.Automation.PSCredential("test@pp.onmicrosoft.com", $passwd)
Import-Module AzureAD
Connect-AzAccount -Credential $creds
Connect-AzureAD -Credential $creds
. C:\AzAD\Tools\AzureHound\AzureHound.ps1
Invoke-AzureHound -Verbose

The gathered data can be uploaded to the BloodHound application.

Visualize data with BloodHound community edition

PreviousROADTools NextPrivilege Escalation

Last updated 4 days ago