Veris Group’s Adaptive Threat Division’s BloodHound is an exciting new tool to help enterprises understand the current state of, and possible threats to, their Windows Active Directory environment. It is designed to augment Empire and, if I followed the DerbyCon talk / video correctly, the ingestor will be built into Empire 2.0 to facilitate easy discovery / reconnaissance.
The BloodHound project is currently a work in progress but, like Empire, is well maintained and already functional. Documentation is still growing, and I suspect that new users may find there is a bit of a learning curve until the documentation is updated. Personally, I would rather have the developers complete all of their current feature and functionality ideas and allow the documentation to be updated by the community for a while, and then pull some of it into the project's wiki. To that end, here is a little bit I have learned about running queries on information BloodHound has collected.