BloodHound has changed how red and blue teams approach risk in Active Directory environments. The interface is slick, the install is painless enough considering the dependencies, and the pre-built analytics deliver actionable intelligence. BloodHound provides the foundational elements – a reliable backend, a means for ingesting, querying, and displaying data – for users to extend the already-great features and tailor the platform to their specific job function or workflow. This talk will cover how I’ve adapted BloodHound to enhance my workflow as a penetration tester. I’ll demonstrate custom extensions used to track and visualize compromised nodes, represent password reuse between users or computers, blacklist unwanted nodes and relationships, and more. Folks who attend this talk will gain a solid understanding of BloodHound’s underlying Neo4j data structures, as well as how to write Cypher queries to build their own BloodHound customizations.