BloodHound Complete Guide: AD Attack Path Mapping

BloodHound is the closest thing to a cheat code for Active Directory pentesting. Feed it your domain data and it draws a map of every path from regular user to Domain Admin — paths that would take you days to find manually. This guide covers everything: installation, data collection with SharpHound, running Cypher queries, and using the attack paths you find to actually escalate privileges. What BloodHound Does (and Why It Matters) Active Directory environments are complex. Thousands of users, hundreds of groups, nested permissions, ACL misconfigurations, Kerberos delegation settings — no human can reason about all of it manually. ...

June 30, 2026 · 10 min · Red Team Guide