Manually Parse Bloodhound Data with JQ to Create Lists of Potentially Vulnerable Users and Computers

00:00 - Intro talking about why we want to parse Bloodhound Data with JQ to create lists
00:43 - Just examining the data in Bloodhound
01:28 - Writing a Cypher Query to show all enabled users in Bloodhound
02:35 - Showing Bloodhound Debug Mode which will show Cypher Queries when you run them
03:28 - Start of looking at Bloodhound Data
04:25 - Digging through the JSON Structure with JQ to get to the Properties of a User
06:30 - Showing all the names; if we wanted to remove the quotes, we could use the -r flag for raw output
06:50 - Using the Select Query in JQ to show only enabled/disabled users
07:45 - Outputting multiple fields in JQ so we can show usernames + descriptions
08:20 - Using JQ to filter out descriptions with null to only show AD Accounts with a description
09:30 - Talking about LastLogon and LastLogonTimeStamp
10:45 - Converting integers to string in JQ so we can output them
12:00 - Outputting all accounts where PwdLastSet is greater than the user's last logon
14:10 - Using JQ to filter out empty arrays, which lets us find all accounts that are kerberoastable
14:50 - Using JQ to parse the computers and showing operating systems
15:50 - Filtering out Operating Systems which may help us find end-of-life OSes
16:30 - Using JQ to show each computer's last logon, which will let us view all active computers
