Get Started with BloodHound
Install a Data Collector
Collect Data
OpenGraph
Analyze Attack Path Data
Manage BloodHound
API & Integrations
Resources
- Resources
- About BloodHound Edges
- Traversable and Non-Traversable Edge Types
- AbuseTGTDelegation
- ADCSESC1
- ADCSESC10a
- ADCSESC10b
- ADCSESC13
- ADCSESC3
- ADCSESC4
- ADCSESC6a
- ADCSESC6b
- ADCSESC9a
- ADCSESC9b
- AddAllowedToAct
- AddKeyCredentialLink
- AddMember
- AddSelf
- AdminTo
- AllExtendedRights
- AllowedToAct
- AllowedToDelegate
- AZAddMembers
- AZAddOwner
- AZAddSecret
- AZAKSContributor
- AZAppAdmin
- AZAutomationContributor
- AZAvereContributor
- AZCloudAppAdmin
- AZContains
- AZContributor
- AZExecuteCommand
- AZGetCertificates
- AZGetKeys
- AZGetSecrets
- AZGlobalAdmin
- AZHasRole
- AZKeyVaultContributor
- AZLogicAppContributor
- AZManagedIdentity
- AZMemberOf
- AZMGAddMember
- AZMGAddOwner
- AZMGAddSecret
- AZMGAppRoleAssignment_ReadWrite_All
- AZMGApplication_ReadWrite_All
- AZMGDirectory_ReadWrite_All
- AZMGGrantAppRoles
- AZMGGrantRole
- AZMGGroupMember_ReadWrite_All
- AZMGGroup_ReadWrite_All
- AZMGRoleManagement_ReadWrite_Directory
- AZMGServicePrincipalEndpoint_ReadWrite_All
- AZNodeResourceGroup
- AZOwner
- AZOwns
- AZPrivilegedAuthAdmin
- AZPrivilegedRoleAdmin
- AZResetPassword
- AZRunsAs
- AZScopedTo
- AZUserAccessAdministrator
- AZVMAdminLogin
- AZVMContributor
- AZWebsiteContributor
- CanApplyGPO
- CanPSRemote
- CanRDP
- ClaimSpecialIdentity
- CoerceToTGT
- Contains
- ContainsIdentity
- CrossForestTrust
- DCFor
- DCSync
- DelegatedEnrollmentAgent
- DumpSMSAPassword
- Enroll
- EnrollOnBehalfOf
- EnterpriseCAFor
- ExecuteDCOM
- ExtendedByPolicy
- ForceChangePassword
- GenericAll
- GenericWrite
- GetChanges
- GetChangesAll
- GetChangesInFilteredSet
- GoldenCert
- GPLink
- GPOAppliesTo
- HasSession
- HasSIDHistory
- HasTrustKeys
- HostsCAService
- IssuedSignedBy
- LocalToComputer
- ManageCA
- ManageCertificates
- MemberOf
- MemberOfLocalGroup
- NTAuthStoreFor
- OIDGroupLink
- Owns
- PropagatesACEsTo
- PublishedTo
- ReadGMSAPassword
- ReadLAPSPassword
- RemoveInteractiveLogonRight
- RootCAFor
- SameForestTrust
- SpoofSIDHistory
- SQLAdmin
- SyncLAPSPassword
- SyncedToADUser
- SyncedToEntraUser
- TrustedForNTAuth
- WriteAccountRestrictions
- WriteDacl
- WriteGPLink
- WriteOwner
- WritePKIEnrollmentFlag
- WritePKINameFlag
- WriteSPN
- Legacy BloodHound
Edges
AddKeyCredentialLink
The ability to write to the “msds-KeyCredentialLink” property on a user or computer. Writing to this property allows an attacker to create “Shadow Credentials” on the object and authenticate as the principal using kerberos PKINIT.
⌘I