This event has ended. Create your own event on Sched.
Back To Schedule
Tuesday, October 24 • 11:00am - 11:40am
How Graphs Changed The Way Hackers Attack

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
In April of 2015, John Lambert illustrated why hackers consistently defeat network security measures, stating: "Defenders think in lists. Attackers think in graphs. As long as this is true, attackers win." One year later, Rohan Vazarkar, Will Schroeder, and I released BloodHound at the DEF CON 24 hacker convention. BloodHound is a free and open source tool that uses graph theory to show how attackers breach and take over modern corporate network.

Since its release, BloodHound has changed how professional offensive consultants and network defenders view these attack paths, using Neo4j to discover in seconds what used to take days or weeks manually. With some information about the network? Who's logged in where? Who can administer what? Who's in what groups? Who has control over what objects? We can model how attackers choose their targets. The BloodHound attack graph exposes the hidden and often unintended relationships that may lead to Domain Admin, the keys to the kingdom in almost every corporate network in the world.

In this talk, we will show, with live demonstrations, the full history and evolution of BloodHound, starting with the frustrations of hacking without an attack graph, covering the spark that led us to an automated graph theory approach, building upon existing tools and tradecraft to create BloodHound, and capping off with BloodHound's newest improvements, schema additions, and future features. Finally, see how defenders use BloodHound to gain critical insights from the attack graph were the good guy kind of hackers after all.

avatar for Andy Robbins

Andy Robbins

Co-Author, BloodHound
Andy is an active red teamer and co-author of BloodHound, a tool designed to reveal the hidden and unintended permission relationships in Active Directory domains. He has performed numerous red team operations and penetration tests against banks, credit unions, health-care providers... Read More →

Tuesday October 24, 2017 11:00am - 11:40am PDT
Room 2