S3cur3Th1sSh1t / WinPwn

Automation for internal Windows Penetration Test / AD-Security
BSD 3-Clause "New" or "Revised" License

Obfuscated AzureAD #32

Status: Closed (sp00ks-git closed 2 years ago)

sp00ks-git commented 3 years ago

Hi, it would be really good to see an obfuscated version of AzureAD in here that would collect data for BloodHound analysis.

https://raw.githubusercontent.com/BloodHoundAD/AzureHound/master/AzureHound.ps1

S3cur3Th1sSh1t commented 3 years ago

The "problem" with AzureHound is that to run it you need to preinstall several other modules on the executing system. I would need to pack them all into the script and load them.

sp00ks-git commented 3 years ago

From https://bloodhound.readthedocs.io/en/latest/data-collection/azurehound.html: "If the modules are not installed, you can use the '-Install' switch to install them."

But I guess this would trip EDR that's looking for module downloads.

S3cur3Th1sSh1t commented 3 years ago

I won't install new PowerShell modules on customers' clients or servers. That's out of scope most times. So this would need the modules to be loaded without installation.

S3cur3Th1sSh1t commented 2 years ago

I decided to not add any cloud modules here. WinPwn is designed to be run from a compromised system. And all cloud checks can be run from a non-domain-joined attacker host.

Therefore it’s just not needed here and would just increase the size.