Manually Parse Bloodhound Data with JQ to Create Lists of Potentially Vulnerable Users and Computers

Published: 01 May 2022
on channel: IppSec

13,777

416

00:00 - Intro talking about why we want to parse Bloodhound Data with JQ to create lists
00:43 - Just examining the data in Bloodhound
01:28 - Writing a Cipher Query to show all enabled users in Bloodhound
02:35 - Showing Bloodhound Debug Mode which will show Cipher Queries when you run them
03:28 - Start of looking at Bloodhound Data
04:25 - Digging through the JSON Structure with JQ to get to the Properties of a User
06:30 - Showing all the names, if we wanted to remove the quotes, we could use the -r flag for raw
06:50 - Using the Select Query in JQ to show only enabled/disabled users
07:45 - Outputting multiple fields in JQ so we can show usernames + descriptions
08:20 - Using JQ to filter out descriptions with null to only show AD Accounts with a description
09:30 - Talking about LastLogon and LastLogonTimeStamp
10:45 - Converting integers to string in JQ so we can output them
12:00 - Outputting all accounts where a PwdLastSet is Greater than the users last logon
14:10 - Using JQ to filter out empty array's which lets use find all accounts that are kerberoastable
14:50 - Using JQ to parse the computers and showing operating systems
15:50 - Filtering out Operating Systems which may help us find end of life OS's
16:30 - Using JQ to show each computers last logon which will let us view all active computers

Watch video Manually Parse Bloodhound Data with JQ to Create Lists of Potentially Vulnerable Users and Computers online, duration hours minute second in high quality that is uploaded to the channel IppSec 01 May 2022. Share the link to the video on social media so that your subscribers and friends will also watch this video. This video clip has been viewed 13,777 times and liked it 416 visitors.

443