| name | bloodhound-bhce |
| description | Operate BloodHound Community Edition v9.2.2 via Decepticon's bhce_* tools — health check, Cypher passthrough, SharpHound ZIP ingest. Replaces the in-house ingest + ESC* post-process pipeline per ADR-0005. |
| metadata | {"subdomain":"active-directory","when_to_use":"bloodhound bhce attack path adcs esc dcsync sharphound ingest cypher ad enumeration domain compromise","mitre_attack":["T1078.002","T1558.003","T1649","T1003.006"],"upstream_url":"https://bloodhound.specterops.io/"} |
BloodHound CE via Decepticon's bhce_* Tools
Decepticon ships a sidecar BloodHound Community Edition v9.2.2 stack
(see docs/adr/0005-bloodhound-via-bhce-rest-client.md). Three
@tool wrappers expose it to the agent:
| tool | what it does |
|---|
bhce_status | Confirm BHCE is healthy and our HMAC token authenticates. Always call this first when an AD task starts. |
bhce_cypher | Run any Cypher query against BHCE's graph. Mutations are off by default. |
bhce_ingest_zip | Push a SharpHound .zip into BHCE — 3-step file-upload flow + polling until BHCE finishes parse + ESC* analysis. |
Use these instead of the legacy bh_ingest_zip / dcsync_check /
delegation_audit / gpo_audit / adcs_audit family — those are
the in-house port and are being retired per ADR-0005.
Why we use BHCE rather than our own ingest
BHCE's PostProcessedRelationships Go pipeline emits every edge a
red-team operator expects: ADCSESC1-13, GoldenCert, DCSync,
TrustedForNTAuth, IssuedSignedBy, CoerceAndRelayNTLMTo*,
HasSIDHistory, HasTrustKeys, SyncLAPSPassword, … The list is in
graphschema/ad/ad.go::PostProcessedRelationships() in the BHCE
source. We deliberately do not re-implement these in our
codebase; the agent leans on BHCE's analyzer instead.
The Decepticon KGStore still owns web, cloud, and smart-contract
findings, and stays canonical for cross-domain chain planning.
BHCE is the AD layer.
End-to-end loop the agent should follow
-
Health check — bhce_status(). Verify version.data.server_version matches the deployed v9.2.2 and self.data.principal_name is non-empty. If the diagnostic mentions BHCE_URL / BHCE_TOKEN_*, the sidecar is offline or the token has been revoked — stop and report.
-
Ingest — for every SharpHound collection drop:
bhce_ingest_zip(path="/abs/path/to/20260605_lab.zip")
Expected result envelope: {job_id, terminal_status, last_payload, elapsed_seconds}. terminal_status must be one of
Complete, PartiallyComplete, Failed, Cancelled. Anything else
(an error field, missing terminal_status) means BHCE never closed
the job — surface the error to the operator rather than continuing
with stale data.
-
Walk the graph with bhce_cypher. Some battle-tested starting
queries (BHCE node labels — User, Computer, Group, Domain,
GPO, OU, CertTemplate, EnterpriseCA, RootCA, AIACA,
NTAuthStore, IssuancePolicy):
-
All Domain Admins (sanity check that ingest landed):
MATCH (g:Group)
WHERE g.objectid ENDS WITH '-512'
MATCH (n)-[:MemberOf*1..]->(g)
RETURN n.name, labels(n)
-
Shortest path from a foothold to a Tier-Zero asset:
MATCH p = shortestPath(
(n {objectid: $foothold_sid})-[*1..15]->(t {system_tags: 'admin_tier_0'})
)
RETURN p
-
ADCS escalation paths (BHCE post-processes ESC* edges, so the
agent never has to derive them):
MATCH p = (u {objectid: $foothold_sid})
-[:MemberOf|ADCSESC1|ADCSESC3|ADCSESC4|ADCSESC6a|ADCSESC6b|
ADCSESC9a|ADCSESC9b|ADCSESC10a|ADCSESC10b|ADCSESC13|
Enroll|AutoEnroll|GenericAll*1..10]->
(t:Domain)
RETURN p LIMIT 10
-
GoldenCert opportunities (CA + NTAuthStore + Domain triangle):
MATCH (ca:EnterpriseCA)-[:TrustedForNTAuth]->(:NTAuthStore)
MATCH (ca)-[:GoldenCert]->(d:Domain)
RETURN ca.name, d.name
-
DCSync candidates:
MATCH (n)-[:DCSync]->(d:Domain)
RETURN n.name, labels(n), d.name
-
Cross-domain plays — when an AD path terminates and the chain
needs to cross into the Decepticon KGStore (web exploitation, cloud
pivots, smart-contract findings), hand the BHCE finding off to the
chain planner. Do not try to write web/cloud nodes into BHCE; BHCE
is AD-only.
Common failure modes
bhce_status returns a BHCE_URL diagnostic — the sidecar
isn't running (docker compose up -d bhce-neo4j bhce) or the
agent's environment is missing BHCE_TOKEN_ID / BHCE_TOKEN_KEY.bhce_cypher returns 401 signature digest mismatch — clock
skew. BHCE enforces ±1 hour (cmd/api/src/api/auth.go:276-296).
Check the container time before opening a wider investigation.bhce_ingest_zip reports terminal_status: Failed — the ZIP
is corrupt or BHCE rejected an unknown JSON schema version
(meta.version). Look in last_payload for the BHCE-side reason.- An expected ADCS edge is missing after ingest — BHCE only
derives ESC* / GoldenCert / DCSync at analysis time, which runs
after ingest closes. Wait for
terminal_status (the tool already
polls until terminal) rather than re-running cypher in a busy loop.
Where authoritative information lives
- BHCE source code:
github.com/SpecterOps/BloodHound (current
release v9.2.2, 2026-06-01). This is the single source of truth
for every edge, post-process algorithm, and Cypher passthrough
guard. When the upstream changes the schema, the agent's queries
here have to follow.
- Official BHCE REST API spec: shipped at
packages/go/openapi/src/openapi.yaml in the BHCE repo, also
reachable at runtime via GET /api/v2/spec on the sidecar.
- SpecterOps documentation site:
https://bloodhound.specterops.io — official methodology, AD / Azure
/ ADCS guides, and the canonical attack-path query library.
Consult it directly for novel attack patterns; we deliberately
avoid vendoring it here so the agent always reads the latest.
- ADR:
docs/adr/0005-bloodhound-via-bhce-rest-client.md — why
the agent talks to a sidecar BHCE instead of using the in-house
port that PRs #560..#578 built.
