top of page

Collecting Bloodhound Information:

Assumes neo4j and Bloodhound are installed already

Using Cobalt Strike Beacon:

  • ​Move to a file location with write access:

    • cd\users\{user}\downloads​   # User Context

    • cd\temp    *System Context

  • Import Bloodhound into Beacon:

    • powershell-import /path/to/SharpHound.ps1

  • Initiate Bloodhound Collection & Export

    • Manual Download:  powershell -Exec Bypass Get-SharpHoundData | Export-BloodHoundCSV ​

    • Pass Direct to neo4j:  

Run Bloodhound from Non-Domain Joined PC:

  • Open Cmd Prompt as Domain User:

    • ​runas /netonly /noprofile /user:domain\user cmd.exe  
            <--- Prompts for pswd

    • SharpHound.exe --DomainController --Domain -c All 

Placeholder - more to come!:


Pentest-Zen (

bottom of page