BloodHound 8.0 debuts with major upgrades in attack path management
SpecterOps has released BloodHound 8.0, the latest iteration of its open-source attack path management platform, featuring major enhancements and expanded capabilities.
BloodHound OpenGraph
The release introduces BloodHound OpenGraph, a major advancement in identity attack path management that uncovers attack paths across the entire technology stack. It enables users to ingest data from diverse systems such as GitHub, Snowflake, and Microsoft SQL Server and build tailored threat models that reflect their environments.
“To date, most of the innovation in attack path management has focused on Microsoft Active Directory and Entra ID, given the widespread adoption of those identity platforms,” said Jared Atkinson, CTO at SpecterOps. “BloodHound OpenGraph enables researchers across the BloodHound Community to quickly ingest new data sets and light up new attack paths across their environment. It’s a massive leap forward for tradecraft research, community collaboration, and possibilities for APM.”
New in BloodHound 8.0: Expandability and usability enhancements
Version 8.0 expands BloodHound’s coverage across more systems, introducing new use cases and usability improvements. The update also includes enhanced integration capabilities and a streamlined testing process, allowing teams to adopt integrations more quickly and reliably.
Microsoft Privileged Identity Management (PIM) roles
BloodHound Enterprise now supports visibility into Microsoft PIM roles, helping organizations identify where privileged roles are in use and whether they are properly configured and secured. This reduces risk exposure by ensuring that PIM roles aren’t unintentionally masking attack paths that teams believe have already been closed. When paired with least privilege principles, Just-in-Time access, and MFA, the result is a significantly smaller attack surface.
ServiceNow integration
This integration enables teams to automatically generate tickets in ServiceNow to track and manage vulnerabilities surfaced by BloodHound Enterprise, supporting more efficient remediation workflows.
Duo integration
Organizations can now apply Duo’s two-factor authentication and adaptive access policies to protect access to the BloodHound Enterprise environment, strengthening access controls for internal teams.
Privilege Zones analysis
The new Privilege Zones feature allows security teams to define and analyze multiple tiers of access across their environment. It extends Least Privilege enforcement beyond traditional identity infrastructure to include business-critical systems and regulated assets such as core applications or PCI- and HIPAA-scoped servers. By identifying violations across defined zones, organizations can more effectively prioritize and reduce risk.
BloodHound 8.0 is available for free on GitHub.