Source: Help Net Security Author: Mirko Zorz URL: https://www.helpnetsecurity.com/2025/01/28/bloodyad-active-directory-privilege-escalation/
ONE SENTENCE SUMMARY:
BloodyAD is an open-source Active Directory privilege escalation framework enabling versatile, multi-platform operations through specialized LDAP interactions.
MAIN POINTS:
- BloodyAD facilitates privilege escalation in Active Directory using specialized LDAP calls with flexible authentication options.
- It supports cleartext passwords, pass-the-hash, pass-the-ticket, and certificate-based authentication methods.
- The framework operates seamlessly on Linux, macOS, and Windows platforms for maximum portability.
- It allows privilege escalation without requiring LDAPS, enhancing operational flexibility.
- SOCKS proxy support lets its LDAP traffic be routed through a proxy, improving operational transparency when interacting with domain controllers.
- Its verbose output helps users troubleshoot why a domain controller rejected a given action.
- BloodyAD supports reconnaissance and privilege escalation across multi-domain infrastructures.
- Future updates aim to enhance multi-domain testing, including displaying trusts and DNS records across domains.
- The tool addresses the previous lack of Linux-based AD privilege escalation frameworks, a gap that had left testers reliant on Windows tools like PowerSploit.
- BloodyAD is open-source, free on GitHub, and requires Python 3, MSLDAP, and dnspython.
TAKEAWAYS:
- BloodyAD provides a Linux-compatible alternative for Active Directory privilege escalation, addressing previous Windows tool dependencies.
- Its multi-platform support enables versatile use across Linux, macOS, and Windows environments.
- Flexible authentication methods expand its usability in various operational contexts.
- Multi-domain infrastructure support opens new privilege escalation opportunities across interconnected domains.
- The tool is open-source and freely accessible, promoting community-driven development and enhancements.