Anthropic-Cybersecurity-Skills/skills/performing-active-directory-bloodhound-analysis/references/api-reference.md
mukul975 27c6414ca5 Add folder anatomy (scripts/agent.py + references/api-reference.md) for 648 cybersecurity skills
Complete skill folder anatomy across all cybersecurity skills:
- scripts/agent.py: 80-150 line Python agents using real libraries (impacket,
  boto3, azure-mgmt-*, kubernetes, pefile, yara, scapy, shodan, stix2, etc.)
- references/api-reference.md: real API documentation with method signatures
- LICENSE: MIT license for all skill folders
2026-03-10 21:02:12 +01:00


API Reference: BloodHound AD Attack Path Analysis

neo4j Python Driver

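from neo4j import GraphDatabase

# Placeholder connection values; point them at the Neo4j instance behind BloodHound.
uri, user, password = "bolt://localhost:7687", "neo4j", "<password>"
query = "MATCH (u:User) WHERE u.enabled = $enabled RETURN u.name AS name"
parameters = {"enabled": True}  # bound server-side, never spliced into the query text

driver = GraphDatabase.driver(uri, auth=(user, password))
driver.verify_connectivity()  # raises if the server is unreachable or auth fails
with driver.session() as session:
    results = session.run(query, parameters)
    records = [dict(record) for record in results]  # consume rows inside the session
driver.close()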

Key BloodHound Cypher Queries

Domain Admins

MATCH (u:User)-[:MemberOf*1..]->(g:Group)
WHERE g.name STARTS WITH 'DOMAIN ADMINS'
RETURN u.name, u.enabled

Shortest Path to DA

MATCH p=shortestPath((u:User {owned:true})-[*1..]->(g:Group))
WHERE g.name STARTS WITH 'DOMAIN ADMINS'
RETURN u.name, length(p) AS hops ORDER BY hops

Kerberoastable Users

MATCH (u:User) WHERE u.hasspn=true AND u.enabled=true
RETURN u.name, u.serviceprincipalnames

Unconstrained Delegation

MATCH (c:Computer) WHERE c.unconstraineddelegation=true
RETURN c.name, c.operatingsystem
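
The queries above return raw rows; for remediation they need ranking. The following is an added example, not code from this repository, that runs the Domain Admins, Kerberoastable and Unconstrained Delegation queries and orders the results by how urgently each account or host should be fixed. The `$group` parameter, the `RETURN` aliases, the severity labels, `SampleSession` and the `CORP.EXAMPLE` rows are assumptions made for the example.

```python
# Added example, not project code; Cypher is the page's plus aliases, severities are assumed.
QUERIES = {
    "domain_admins": (
        "MATCH (u:User)-[:MemberOf*1..]->(g:Group) "
        "WHERE g.name STARTS WITH $group "
        "RETURN DISTINCT u.name AS name, u.enabled AS enabled",
        {"group": "DOMAIN ADMINS"}),
    "kerberoastable": (
        "MATCH (u:User) WHERE u.hasspn=true AND u.enabled=true "
        "RETURN u.name AS name, u.admincount AS admincount", {}),
    "unconstrained": (
        "MATCH (c:Computer) WHERE c.unconstraineddelegation=true "
        "RETURN c.name AS name, c.operatingsystem AS os", {}),
}
SAMPLE = {  # constructed rows standing in for a live database
    "domain_admins": [{"name": "SVC_SQL@CORP.EXAMPLE", "enabled": True}],
    "kerberoastable": [{"name": "SVC_WEB@CORP.EXAMPLE", "admincount": False},
                       {"name": "SVC_SQL@CORP.EXAMPLE", "admincount": True},
                       {"name": "SVC_BACKUP@CORP.EXAMPLE", "admincount": True}],
    "unconstrained": [{"name": "APP01.CORP.EXAMPLE", "os": "Windows Server 2016"}],
}

class SampleSession:
    """Offline stand-in for driver.session(): answers from SAMPLE."""
    def run(self, query, parameters=None):
        return SAMPLE[next(k for k, (q, _) in QUERIES.items() if q == query)]

def collect(session):
    """Run every query; works with a neo4j session or SampleSession."""
    return {k: [dict(r) for r in session.run(q, p)] for k, (q, p) in QUERIES.items()}

def triage(rows):
    """Rank findings so the accounts to remediate first come first."""
    admins = {r["name"] for r in rows["domain_admins"] if r["enabled"]}
    found = []
    for r in rows["kerberoastable"]:
        if r["name"] in admins:
            found.append(("critical", r["name"], "SPN on enabled Domain Admins member"))
        elif r.get("admincount"):
            found.append(("high", r["name"], "SPN on admincount=true account"))
        else:
            found.append(("medium", r["name"], "SPN on enabled user"))
    for r in rows["unconstrained"]:
        found.append(("high", r["name"], "unconstrained delegation"))
    rank = {"critical": 0, "high": 1, "medium": 2}
    return sorted(found, key=lambda f: (rank[f[0]], f[1]))

if __name__ == "__main__":
    for finding in triage(collect(SampleSession())):
        print(*finding, sep=" | ")
```

Domain controllers are trusted for unconstrained delegation by default, so expect them among the `unconstrained` rows and filter them out before reporting.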

BloodHound Node Types

| Node | Properties |
|------|------------|
| User | name, enabled, hasspn, admincount, owned, dontreqpreauth |
| Computer | name, operatingsystem, unconstraineddelegation, enabled |
| Group | name, admincount, objectid |
| GPO | name, gpcpath |
| OU | name, guid |

BloodHound Edge Types

| Edge | Meaning |
|------|---------|
| MemberOf | Group membership |
| AdminTo | Local admin rights |
| HasSession | Active session on computer |
| GenericAll | Full object control |
| WriteDacl | Can modify ACL |
| GpLink | GPO linked to OU |