Read Justin Kohler’s recent blog post on new BloodHound Enterprise capabilities that extend Identity Attack Path Management beyond traditional identity infrastructure into Okta, GitHub, and Jamf-managed macOS environments.
Register for the webinar with Jared Atkinson and Justin Kohler on March 31 to see how BloodHound Enterprise uncovers attack paths across Okta, GitHub, and Mac environments, helping teams prioritize what matters. They will also discuss additional enhancements, including Privilege Zones and role-based access control (RBAC).
A new episode of the Know Your Adversary podcast dropped this week. Hear from Steve Elovitz from Palo Alto Networks’ Unit 42 on how modern adversaries operate once inside an environment, why identity has become a primary entry point for many attacks, and the attack patterns his team most frequently sees during incident response engagements.
There’s still time to save your spot at SO-CON 2026! Join us in Arlington, Virginia for our two-day (April 13-14) conference packed with talks, research, and community exchange, followed by four days (April 15-18) of deep-dive, hands-on trainings led by adversary-experienced practitioners.
Resolved several issues that could cause analysis to fail.
Resolved an issue preventing Cypher queries on PostgreSQL from respecting minimum and maximum path length limits.
Resolved an issue where Cypher queries on PostgreSQL failed with the error ERROR: invalid reference to FROM-clause entry for table "s0" (SQLSTATE 42P01).
Resolved an issue where certain Cypher path queries on PostgreSQL could be slower than expected due to an inefficient edge-to-path join pattern.
BloodHound will no longer support SHA-1 cipher suites when configured to serve HTTPS directly (without a load balancer).
This release introduces new features, enhancements, and fixed issues to improve data collection, OpenGraph ingestion capabilities, and general usability. Key highlights include:
Property-based edge matching enables hybrid edge creation using cross-system attributes, such as email, username, or hostname.
AzureHound collects Federated Identity Credentials (FICs) from Azure and adds new nodes and edges in BloodHound to represent these trust relationships.
BloodHound Enterprise now allows you to upload nodes and edges in separate OpenGraph data payloads without losing disconnected nodes after ingestion.
It also includes a breaking change for OpenGraph data payloads.
This release improves graph investigation workflows in Explore and resolves reliability issues in findings export, Zone Builder tagging and filtering, and query naming. Key highlights include:
Explore adds resizable table columns, Meta node details in the Entity Panel, and clearer edge guidance for Azure role relationships.
Edge reference coverage expands with a new valid_edges.json schema for valid source-target node relationships and supported edge types.
Fixed issues improve findings export accuracy, Zone Builder Tier Zero tagging timing and zone membership filtering behavior, and prebuilt query naming clarity.
Review clearer and more consistent edge guidance for AZOwner, AZOwns, and key Entra ID role edges, plus valid node relationships and supported edge types with a new valid_edges.json schema.
This release enhances data collection capabilities with new customization options, expands permissions for Cypher query management, and improves Zone Builder with better rule testing, clearer terminology, and enhanced object identification.