CyberSecurity SEE

BloodHound introduces Community Edition, revamping an open source tool

SpecterOps, the company behind BloodHound, announced a complete rewrite of its open source tool for mapping out attack paths through Microsoft Active Directory systems and Azure AD services. The new version, called BloodHound Community Edition, replaces the original codebase that was launched at DEF CON 24 in 2016.

The original version of BloodHound was not only difficult to install but also challenging to maintain. Justin Kohler, the vice president of products at SpecterOps, explains that the previous version required “about 20 or 30 steps” to install. However, the Community Edition simplifies the installation process by offering a server with support for REST APIs, a database, and a web-based interface. Instead of spending hours on installation, users can now set up BloodHound with a single Docker Compose command in just a minute.

The decision to rewrite the tool was driven by the desire to give back to the open source community and improve the product’s development speed and efficiency. Additionally, SpecterOps wanted to eliminate the need for separate codebases for the open source and enterprise versions of BloodHound. With the Community Edition, both versions now share the same codebase, allowing for better coordination and faster updates.

Previously, SpecterOps had to maintain the codebase for the open source and enterprise versions separately because their architectures were different. This caused delays and forced the team to split their resources between the two versions. By merging the codebases, SpecterOps can now focus on one unified version of BloodHound, benefiting both the community and enterprise users.

The new Community Edition also brings several enhancements to the enterprise version. It includes user management, a more structured architecture, containerized deployment, and performance upgrades. These improvements ensure a more stable codebase for the open source community while providing enterprise users with additional features for support and ease of use.

The increased collaboration between the open source and enterprise versions of BloodHound aligns with the growing importance of open source software in offensive cybersecurity. Open source tools offer security specialists the ability to customize and adapt software to their specific needs, providing a superior alternative to proprietary tools. According to Dan Petro, a lead researcher at cybersecurity consultancy Bishop Fox, open source tools are crucial for offensive security teams to perform their jobs effectively.

However, open source software is not limited to offensive technology. It also plays a significant role in defensive cybersecurity. Open source cybersecurity tools help security professionals understand specific technology, threats, and processes. By analyzing open source penetration testing tools like BloodHound, defenders can identify potential weaknesses in their infrastructure and develop strategies to detect and defend against attacks.

Various open source defensive cybersecurity tools make security teams’ jobs easier. For instance, the ZAP dynamic analysis tool developed by Software Security Project helps verify and test procedures, while Ermetic’s CNAPPgoat creates vulnerable information assets to assess and detect specific vulnerabilities.

The upcoming DEF CON conference will feature the release of CNAPPgoat by Ermetic, highlighting the continuing trend of open source tools being utilized in the cybersecurity industry. These tools not only provide practical solutions but also contribute to the collective knowledge and expertise of security professionals.

In conclusion, the rewrite of BloodHound’s codebase into the Community Edition demonstrates SpecterOps’ commitment to the open source community and their mission of improving development speed and efficiency. The integration of the enterprise and community versions allows for a more unified approach while providing benefits to both user groups. The rise of open source software in offensive and defensive cybersecurity underscores its importance in the industry, enabling security specialists to customize and adapt tools to their specific needs.
