We also assume that the attacker has access either to a domain-joined computer or to the connection.
Don’t forget to update the drivers as well!
But how do the attackers know that an admin will log on to that computer?
Well, that’s easy—they cause problems with the machine and wait for support to log on.
BloodHound uses a Graph Database called Neo4j to discover hidden relationships between users and computers by using Graph Theory.
And, most of the data collection that it does can be done by a normal user.
It can even discover local admin and active sessions on remote computers.
Mitigation Tip: Scan your environments regularly with BloodHound to discover unintentional relationships.
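To make the graph idea concrete for a defender's review, here is an added example (not BloodHound's own code and not from the original article) that walks a small constructed relationship graph and reports which ordinary users have an indirect route to a privileged group, and which relationships most of those routes share. All account, group and computer names are made up, and the edge labels are illustrative names for group membership, local admin rights and active sessions.

```python
from collections import Counter, deque

# Constructed sample data, not from a real environment.
# (source, relation, target): "WS01 HasSession dave-adm" means dave-adm is
# currently logged on to WS01; "HELPDESK AdminTo WS01" means local admin rights.
EDGES = [
    ("alice", "MemberOf", "HELPDESK"), ("bob", "MemberOf", "STAFF"),
    ("carol", "MemberOf", "STAFF"), ("erin", "MemberOf", "HELPDESK"),
    ("HELPDESK", "AdminTo", "WS01"), ("STAFF", "AdminTo", "KIOSK01"),
    ("WS01", "HasSession", "dave-adm"), ("KIOSK01", "HasSession", "erin"),
    ("dave-adm", "MemberOf", "DOMAIN ADMINS"),
]
USERS = ["alice", "bob", "carol", "erin", "dave-adm"]

def shortest_path(edges, start, target):
    """Breadth-first search; returns the list of edges from start to target, or None."""
    adjacency = {}
    for src, rel, dst in edges:
        adjacency.setdefault(src, []).append((rel, dst))
    queue, seen = deque([(start, [])]), {start}
    while queue:
        node, path = queue.popleft()
        if node == target:
            return path
        for rel, dst in adjacency.get(node, []):
            if dst not in seen:
                seen.add(dst)
                queue.append((dst, path + [(node, rel, dst)]))
    return None

def audit(edges, users, target):
    """Map each user that has an indirect route to `target` to that route."""
    findings = {}
    for user in users:
        path = shortest_path(edges, user, target)
        if path and len(path) > 1:  # a single edge is a direct, intended membership
            findings[user] = path
    return findings

def choke_points(findings):
    """Count how many reported routes use each edge; the top edges are the ones to break."""
    return Counter(edge for path in findings.values() for edge in path).most_common()

if __name__ == "__main__":
    found = audit(EDGES, USERS, "DOMAIN ADMINS")
    for user, path in found.items():
        print(user, "->", " -> ".join(f"[{rel}] {dst}" for _, rel, dst in path))
    print("Most shared edges:", choke_points(found)[:3])
```

In this sample every reported route runs through the admin session on WS01, so keeping that privileged account off workstations removes all of them at once.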
The attacker usually has no problem finding passwords and escalating once inside the unprivileged account of an admin.