Active Directory has been the cornerstone of network identity management for years. Even in networks that runs mostly on *Nix, AD is often the service used to track hardware, perform audits, and many other actions.

The true power of AD comes in it’s fine-grained control of users, computers, and permissions. Being able to give outdated software special permissions and restrict other privileges on a per-host basis is extremely powerful, and not something that should be thought of as simple. However, with this powerful control comes extreme complexity. As a user changes jobs, or a server changes roles, the permissions assigned can start stacking up. Over the years, IT admins stop removing permissions because they are afraid of breaking functionality that they don’t understand, leading to complex security issues that are hard to find for an untrained technician.

As such, several tools have been created to map out these issues and make them easy to understand. One such tool is BloodHound. Created by a few members of SpecterOps, it has quickly become one of the most used security tools in the industry by both Red and Blue teams alike. After gathering data from AD, it uses graph theory to map out privileges between AD objects and highlight areas where security issues may exist.