Source: Help Net Security Author: Mirko Zorz URL: https://www.helpnetsecurity.com/2025/01/28/bloodyad-active-directory-privilege-escalation/
ONE SENTENCE SUMMARY: BloodyAD is an open-source Active Directory privilege escalation framework that enables versatile, multi-platform operations through specialized LDAP interactions.

MAIN POINTS:

- BloodyAD facilitates privilege escalation in Active Directory using specialized LDAP calls with flexible authentication options.
- It supports cleartext passwords, pass-the-hash, pass-the-ticket, and certificate-based authentication.
- The framework runs on Linux, macOS, and Windows for maximum portability.
- It can perform privilege escalation without requiring LDAPS, which increases operational flexibility.
- SOCKS proxy compatibility improves operational transparency during interactions with domain controllers.
- Its verbose output helps users troubleshoot when a domain controller rejects an action.
- BloodyAD supports reconnaissance and privilege escalation across multi-domain infrastructures.
- Future updates aim to improve multi-domain testing, including displaying trusts and DNS records across domains.
- The tool fills the gap left by the lack of Linux-based AD privilege escalation frameworks, a space previously covered by Windows tools such as PowerSploit.
- BloodyAD is open-source, free on GitHub, and requires Python 3, MSLDAP, and dnspython.

TAKEAWAYS:

- BloodyAD provides a Linux-compatible alternative for Active Directory privilege escalation, removing the earlier dependency on Windows-only tools.
- Its multi-platform support enables versatile use across Linux, macOS, and Windows environments.
- Flexible authentication methods expand its usability in various operational contexts.
- Multi-domain infrastructure support opens new privilege escalation opportunities across interconnected domains.
- The tool is open-source and freely accessible, promoting community-driven development and enhancements.