BloodHound is a tool designed for Active Directory attack path analysis.
It enumerates relationships between users, groups, and computers, showing how a low-privileged account can escalate privileges to high-value targets (like the HR database server).
This exactly matches the tester’s objective: modeling attack paths to accounts with sufficient permissions.
Why not the others?
A. Responder: Used for LLMNR/NBT-NS poisoning and credential capture, not AD path analysis.
B. Mimikatz: Used for credential dumping (plaintext passwords, hashes, Kerberos tickets), but doesn’t model attack paths.
C. Hydra: Brute-force login tool, not for AD privilege pathing.
E. TruffleHog: Secret discovery tool (API keys, passwords in repos), unrelated to AD attack path analysis.
CompTIA PT0-003 Objective Mapping:
Domain 2.0 Information Gathering and Vulnerability Scanning
2.4: Use appropriate tools for network/AD enumeration and privilege escalation path discovery (BloodHound).
