BloodHound & AzureHound

BloodHound's AzureHound (https://github.com/SpecterOps/AzureHound) extends BloodHound's attack-path mapping to Azure and Entra ID. The legacy PowerShell collector (AzureHound.ps1) gathers its data through the AzureAD and Az PowerShell modules; the current Go collector talks to the Microsoft Graph and Azure Resource Manager APIs directly.

Because a principal needs read access to an object even to learn that it exists, AzureHound's graph is only as complete as the collecting account's permissions. Azure resource-plane objects (subscriptions, resource groups, VMs, Key Vaults) are invisible without an RBAC role that grants read on them, so a low-privileged account usually enumerates far less than a domain user does in on-prem AD, where almost every object is readable by default. In that sense AzureHound is not as immediately rewarding as BloodHound.

Get Data

# Build a credential object from a plaintext password (lab value; accounts behind MFA or Conditional Access need interactive/device-code sign-in instead)
$passwd = ConvertTo-SecureString "Password@1234" -AsPlainText -Force
$creds = New-Object System.Management.Automation.PSCredential("[email protected]", $passwd)
# The legacy collector needs both the Az (resource plane) and AzureAD (directory plane) modules
Import-Module Az
Import-Module AzureAD
Connect-AzAccount -Credential $creds
Connect-AzureAD -Credential $creds
# Dot-source the collector script and run the collection
. C:\AzAD\Tools\AzureHound\AzureHound.ps1
Invoke-AzureHound -Verbose

The gathered data can be uploaded to the BloodHound application.

Or, with the Go collector from a shell (this is the maintained version; the PowerShell script above is the legacy one):

# Username/password auth; 'list' with no subcommand collects every supported object type and writes JSON to output.json
./azurehound -u "[email protected]" -p "password123!" list --tenant "tenant.com" -o output.json

The resulting JSON file is uploaded to BloodHound as-is. When password authentication is blocked by MFA or Conditional Access, the collector also accepts a refresh token (-r) or an access token (-j) obtained elsewhere.
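Before uploading, it is worth checking what the export actually contains: given the visibility caveat above, a low-privileged account may have collected only Entra ID directory objects and nothing from the Azure resource plane. The following script is an added example, not part of AzureHound or of this page's original content. It assumes the Go collector's JSON layout (a `meta` header with a `count`, and a `data` list of `{"kind": ..., "data": ...}` records); the kind names in the two sets are the BloodHound Azure node labels and can be extended, and the sample export embedded at the bottom is constructed for illustration.

```python
"""Summarize an AzureHound JSON export before uploading it to BloodHound.

Added example, not AzureHound's own code. It assumes the Go collector's export
shape: {"meta": {"count": N, ...}, "data": [{"kind": "AZUser", "data": {...}}, ...]}.
If no resource-plane objects are present, the collecting account holds no RBAC
read on any subscription and the resulting graph covers only the directory.
"""
import json
from collections import Counter

# Node kinds in the Entra ID directory plane (default members can read most of these)
DIRECTORY_KINDS = {
    "AZTenant", "AZUser", "AZGroup", "AZApp", "AZServicePrincipal", "AZDevice", "AZRole",
}
# Node kinds in the Azure resource plane (visible only with an RBAC role granting read);
# extend with further labels as needed
RESOURCE_KINDS = {
    "AZManagementGroup", "AZSubscription", "AZResourceGroup", "AZVM", "AZKeyVault",
}


def load_export(path):
    """Read an AzureHound export file from disk."""
    with open(path, "r", encoding="utf-8") as fh:
        return json.load(fh)


def meta_count_matches(export):
    """True when meta.count agrees with the number of records; a mismatch usually
    means a truncated or hand-edited file."""
    return export.get("meta", {}).get("count") == len(export.get("data", []))


def summarize(export):
    """Count records per kind and split them into directory-plane nodes,
    resource-plane nodes and everything else (relationship records such as AZGroupMember)."""
    counts = Counter(item.get("kind", "<missing kind>") for item in export.get("data", []))
    directory = sum(n for k, n in counts.items() if k in DIRECTORY_KINDS)
    resource = sum(n for k, n in counts.items() if k in RESOURCE_KINDS)
    return {
        "counts": dict(counts),
        "directory_objects": directory,
        "resource_objects": resource,
        "other_records": sum(counts.values()) - directory - resource,
        "resource_plane_visible": resource > 0,
        "meta_consistent": meta_count_matches(export),
    }


def report(export):
    """Human-readable version of summarize(): one line per kind plus a verdict."""
    s = summarize(export)
    lines = [f"{kind:22} {n}" for kind, n in sorted(s["counts"].items())]
    if not s["meta_consistent"]:
        lines.append("WARNING: meta.count does not match the number of records")
    if s["resource_plane_visible"]:
        lines.append(f"Resource plane: {s['resource_objects']} objects visible")
    else:
        lines.append("Resource plane: nothing visible (no RBAC read on any subscription)")
    return "\n".join(lines)


# Constructed sample standing in for output.json: a low-privileged member that can
# read the directory but holds no Azure RBAC role, so no AZSubscription/AZVM/... appear.
SAMPLE_EXPORT = {
    "meta": {"type": "azure", "count": 5, "version": 5},
    "data": [
        {"kind": "AZTenant", "data": {"displayName": "lab", "id": "tenant-guid"}},
        {"kind": "AZUser", "data": {"userPrincipalName": "alice@lab.example"}},
        {"kind": "AZUser", "data": {"userPrincipalName": "bob@lab.example"}},
        {"kind": "AZGroup", "data": {"displayName": "IT Admins"}},
        {"kind": "AZGroupMember", "data": {"groupId": "group-guid", "members": []}},
    ],
}

if __name__ == "__main__":
    import sys
    export = load_export(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_EXPORT
    print(report(export))
```

Run it as `python summarize_azurehound.py output.json`; with no argument it prints the verdict for the constructed sample, which shows only directory objects. A real export from an account with Reader on a subscription will list AZSubscription and related kinds and flip the verdict.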

Visualize the data with BloodHound Community Edition

Custom AzureHound queries
