Automated Tool for enumeration.

To summarize the key steps:

  1. Data Collection with SharpHound: You use SharpHound to gather data on Active Directory by calling Windows API functions such as NetWkstaUserEnum and NetSessionEnum and by issuing LDAP queries. SharpHound can be run through a PowerShell script that exposes the Invoke-BloodHound command; you choose what to gather with -CollectionMethod (e.g., "All" to collect all relevant information). The output is saved as a .zip file.

  2. Looping in SharpHound: You can enable looping to run SharpHound repeatedly over a period of time so it captures changes in the environment. This is useful for catching new logon sessions or other modifications that occur after your initial snapshot.

  3. Setting a password on the ZIP: You can protect the output ZIP file by using the -ZipPassword option.

  4. BloodHound Analysis: Once the data is collected, it is imported into BloodHound, a graphical analysis tool. BloodHound stores the data in the Neo4j graph database and presents the relationships between users, computers, groups, and privileges as a graph. This lets you visualize attack paths, such as those leading to Domain Admins or other sensitive users.

  5. Neo4j Setup: On Kali Linux, Neo4j is started with the sudo neo4j start command, and BloodHound can be launched afterward. You log into BloodHound with the Neo4j credentials and upload the SharpHound-collected data.

  6. Shortest Path Analysis: One of BloodHound's key features is automatically identifying the shortest paths to your objective (e.g., Domain Admin privileges). This lets attackers focus on the most efficient route to escalate privileges, and it shows defenders which relationships those routes depend on.

Invoke-BloodHound -CollectionMethod All -OutputDirectory C:\Users\stephanie\Desktop\ -OutputPrefix "corp audit" -ZipPassword "YourPasswordHere"
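How the shortest-path analysis in step 6 works, as an added Python example that is not BloodHound's own code: a breadth-first search over a constructed edge list using BloodHound's edge names (MemberOf, AdminTo, HasSession, GenericAll), plus a defender-side count of which edges recur across shortest paths, which points at the relationships to remediate first. All principal names and the CORP.LOCAL domain are made up.

```python
from collections import Counter, deque

# Constructed sample graph in the shape SharpHound collects and BloodHound
# stores: (source principal, edge type, target principal). Names are made up.
EDGES = [
    ("ALICE@CORP.LOCAL", "MemberOf", "HELPDESK@CORP.LOCAL"),
    ("BOB@CORP.LOCAL", "MemberOf", "HELPDESK@CORP.LOCAL"),
    ("HELPDESK@CORP.LOCAL", "AdminTo", "WS01@CORP.LOCAL"),
    ("WS01@CORP.LOCAL", "HasSession", "SVC_BACKUP@CORP.LOCAL"),
    ("SVC_BACKUP@CORP.LOCAL", "MemberOf", "DOMAIN ADMINS@CORP.LOCAL"),
    ("BOB@CORP.LOCAL", "GenericAll", "SVC_BACKUP@CORP.LOCAL"),
    ("CAROL@CORP.LOCAL", "MemberOf", "DOMAIN USERS@CORP.LOCAL"),
]
TARGET = "DOMAIN ADMINS@CORP.LOCAL"

def build_adjacency(edges):
    """Map each source principal to its outgoing (edge type, target) pairs."""
    adj = {}
    for src, rel, dst in edges:
        adj.setdefault(src, []).append((rel, dst))
    return adj

def shortest_path(edges, start, target):
    """BFS over the directed graph. Returns the hops (src, rel, dst) on the
    shortest path from start to target, or None if target is unreachable."""
    adj = build_adjacency(edges)
    parent = {start: None}  # node -> (previous node, edge type) used to reach it
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            hops = []
            while parent[node] is not None:
                prev, rel = parent[node]
                hops.append((prev, rel, node))
                node = prev
            return hops[::-1]
        for rel, nxt in adj.get(node, []):
            if nxt not in parent:
                parent[nxt] = (node, rel)
                queue.append(nxt)
    return None

def chokepoints(edges, starts, target):
    """Count how often each edge lies on a shortest path from any start to
    target. The most frequent edges are the relationships whose removal
    breaks the most paths, i.e. the highest-value fixes for a defender."""
    counts = Counter()
    for start in starts:
        for hop in shortest_path(edges, start, target) or []:
            counts[hop] += 1
    return counts
```

In this graph BOB reaches Domain Admins in two hops through the GenericAll right on SVC_BACKUP, and the service account's Domain Admins membership is the edge shared by every reachable path.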