Manually Parse Bloodhound Data with JQ to Create Lists of Potentially Vulnerable Users and Computers

00:00 - Intro talking about why we want to parse Bloodhound Data with JQ to create lists 00:43 - Just examining the data in Bloodhound 01:28 - Writing a Cipher Query to show all enabled users in Bloodhound 02:35 - Showing Bloodhound Debug Mode which will show Cipher Queries when you run them 03:28 - Start of looking at Bloodhound Data 04:25 - Digging through the JSON Structure with JQ to get to the Properties of a User 06:30 - Showing all the names, if we wanted to remove the quotes, we could use the -r flag for raw 06:50 - Using the Select Query in JQ to show only enabled/disabled users 07:45 - Outputting multiple fields in JQ so we can show usernames + descriptions 08:20 - Using JQ to filter out descriptions with null to only show AD Accounts with a description 09:30 - Talking about LastLogon and LastLogonTimeStamp 10:45 - Converting integers to string in JQ so we can output them 12:00 - Outputting all accounts where a PwdLastSet is Greater than the users last logon 14:10 - Using JQ to filter out empty array's which lets use find all accounts that are kerberoastable 14:50 - Using JQ to parse the computers and showing operating systems 15:50 - Filtering out Operating Systems which may help us find end of life OS's 16:30 - Using JQ to show each computers last logon which will let us view all active computers