
Releases: 1r0BIT/TaskHound

v1.0.0 - OpenGraph Integration

16 Nov 20:39


TaskHound v1.0.0

Major Features

BloodHound OpenGraph Integration

  • New: Full BloodHound Community Edition (BHCE) OpenGraph support for visualizing scheduled tasks as attack paths
  • New: Automatic upload of task relationships to BloodHound CE
  • New: Task nodes with HasTaskWithStoredCreds and RunsAs relationships for attack path analysis
  • New: --bh-opengraph flag to enable OpenGraph generation and upload
  • New: --bh-no-upload flag to generate OpenGraph files without uploading
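As an added example (not TaskHound's own code) of what the OpenGraph feature produces: the script below turns a list of enumerated tasks into a payload of the kind `--bh-opengraph` generates and `--bh-no-upload` would leave on disk. The task records and SIDs are constructed sample data. The `ScheduledTask` node kind, the edge directions Computer -HasTaskWithStoredCreds-> ScheduledTask -RunsAs-> User, and the generic OpenGraph envelope (`metadata.source_kind`, `graph.nodes`, `graph.edges`, `start`/`end` with `match_by`) are this example's assumptions; verify them against the BloodHound CE OpenGraph documentation before ingesting.

```python
"""Build a BloodHound OpenGraph payload from enumerated scheduled tasks.

Added example, not TaskHound's own code.  The envelope (metadata.source_kind,
graph.nodes, graph.edges, start/end with match_by) is the generic OpenGraph
ingest shape as the author of this example understands it; the ScheduledTask
node kind and the edge directions are assumptions.  Check both against the
current BloodHound CE docs.
"""
import json
import re

DOMAIN_SID = re.compile(r"^S-1-5-21-\d+-\d+-\d+-\d+$")

# Constructed sample data: three tasks collected from two hosts.  The SIDs are
# made up; in practice they must match objectids BloodHound already holds.
SAMPLE_TASKS = [
    {"host": "srv01.corp.local", "path": "\\Backup\\NightlyBackup",
     "runas": "CORP\\svc_backup",
     "runas_sid": "S-1-5-21-1111-2222-3333-1105", "logon_type": "Password"},
    {"host": "srv01.corp.local", "path": "\\Microsoft\\Windows\\Defrag\\ScheduledDefrag",
     "runas": "NT AUTHORITY\\SYSTEM",
     "runas_sid": "S-1-5-18", "logon_type": "InteractiveToken"},
    {"host": "ws07.corp.local", "path": "\\Deploy\\PushAgent",
     "runas": "CORP\\da-admin",
     "runas_sid": "S-1-5-21-1111-2222-3333-500", "logon_type": "Password"},
]


def task_node_id(task):
    """Stable, unique id for a task node: host + task path, upper-cased."""
    return (task["host"] + task["path"]).upper()


def build_opengraph(tasks, source_kind="TaskHound"):
    """Return the OpenGraph dict for a list of task records.

    Only LogonType=Password tasks carry DPAPI-protected credentials, so only
    those get a HasTaskWithStoredCreds edge from the computer.  RunsAs edges
    are emitted for every task whose principal is a domain SID; well-known
    SIDs such as S-1-5-18 are skipped because BloodHound has no node with
    that bare objectid.
    """
    nodes, edges = [], []
    for task in tasks:
        tid = task_node_id(task)
        stored = task["logon_type"] == "Password"
        nodes.append({
            "id": tid,
            "kinds": ["ScheduledTask", source_kind],
            "properties": {
                "name": tid,
                "host": task["host"].upper(),
                "path": task["path"],
                "runas": task["runas"],
                "logon_type": task["logon_type"],
                "stored_credentials": stored,
            },
        })
        if stored:
            edges.append({
                # Existing Computer node, matched by its BloodHound name
                "start": {"value": task["host"].upper(), "match_by": "name"},
                "end": {"value": tid, "match_by": "id"},
                "kind": "HasTaskWithStoredCreds",
                "properties": {},
            })
        if DOMAIN_SID.match(task["runas_sid"] or ""):
            edges.append({
                "start": {"value": tid, "match_by": "id"},
                # Existing User node, matched by objectid (SID), so the
                # DOMAIN\user vs user@FQDN naming difference never matters
                "end": {"value": task["runas_sid"], "match_by": "id"},
                "kind": "RunsAs",
                "properties": {},
            })
    return {"metadata": {"source_kind": source_kind},
            "graph": {"nodes": nodes, "edges": edges}}


def write_opengraph(tasks, out_path):
    """The --bh-no-upload equivalent: write the payload for manual ingest."""
    payload = build_opengraph(tasks)
    with open(out_path, "w", encoding="utf-8") as fh:
        json.dump(payload, fh, indent=2)
    return payload


if __name__ == "__main__":
    print(json.dumps(build_opengraph(SAMPLE_TASKS), indent=2))
```

Matching users by SID rather than by name is deliberate: the task XML stores `CORP\svc_backup` while BloodHound names the user `SVC_BACKUP@CORP.LOCAL`, and a name match would silently drop the edge. Once ingested, a query of the form `MATCH p=(c:Computer)-[:HasTaskWithStoredCreds]->(t:ScheduledTask)-[:RunsAs]->(u:User) RETURN p` (assuming the kind names above) lists every host whose stored task credentials lead to a domain principal.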

DPAPI Credential Decryption

  • New: Decrypt stored credentials from scheduled tasks using DPAPI
  • New: --loot flag for automatic credential extraction
  • New: --dpapi-key support for offline decryption
  • New: Comprehensive credential parsing and masterkey handling

Enhanced BloodHound Integration

  • New: Live BloodHound CE connector with REST API queries
  • New: Query high-value users directly from BloodHound database
  • New: Unified connector configuration field supporting both BHCE and Legacy
  • New: Token-based authentication for BHCE API

Password Analysis Improvements

  • New: Password freshness analysis using task creation dates
  • New: Fallback to trigger StartBoundary when creation date unavailable
  • New: Warning messages when using fallback dates for analysis
  • New: Enhanced password age comparison logic

Enhancements

SID Resolution

  • Enhanced: Impacket LDAP integration for NTLM hash authentication
  • Enhanced: Multi-level SID lookup chain (BloodHound → LDAP → Well-known)
  • Enhanced: Support for --ldap-user and --ldap-password for dedicated LDAP credentials
  • Enhanced: NTLM hash support with --hashes flag

Cross-Domain Detection

  • Fixed: False-positive cross-domain detection when the task principal used the FQDN form of the domain (corp.local\user) while the target was known by its short name
  • Fixed: Domain comparison is now case-insensitive
  • Enhanced: The short domain name is extracted from the FQDN so both forms compare equal
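The corrected comparison, as an added example (not TaskHound's code): it extracts the short name from an FQDN, compares case-insensitively, and handles the `DOMAIN\user`, `user@fqdn`, bare-name, built-in and SID forms. The `host_domain`/`hostname` arguments, the `None` result for an unresolved SID and the test cases are this example's own choices.

```python
"""Cross-domain check for a scheduled task's run-as principal.

Added example, not TaskHound's own code.  Short-name extraction and the
case-insensitive comparison follow the v1.0.0 release notes; everything
else (argument names, None for unresolved SIDs, the cases) is illustrative.
"""
import re

DOMAIN_SID = re.compile(r"^S-1-5-21-\d+-\d+-\d+-\d+$", re.IGNORECASE)
LOCAL_AUTHORITIES = {"", ".", "BUILTIN", "NT AUTHORITY", "NT SERVICE"}


def short_name(domain):
    """'corp.local' -> 'CORP'; 'CORP' -> 'CORP'."""
    return domain.split(".", 1)[0].upper()


def split_principal(user_id):
    """Return (domain, account); domain is None for a bare name or a SID."""
    if "\\" in user_id:
        domain, account = user_id.split("\\", 1)
        return domain, account
    if "@" in user_id:
        account, domain = user_id.rsplit("@", 1)
        return domain, account
    return None, user_id


def is_cross_domain(user_id, host_domain, hostname=None):
    """True if the principal belongs to a domain other than host_domain.

    False for built-in, machine-local and bare-name principals; None for an
    unresolved SID (resolve it first, then call again with the name).
    """
    if DOMAIN_SID.match(user_id):
        return None
    domain, _ = split_principal(user_id)
    if domain is None:
        return False
    upper = domain.upper()
    if upper in LOCAL_AUTHORITIES:
        return False
    if hostname and short_name(upper) == short_name(hostname):
        return False          # machine-local account, e.g. SRV01\localadmin
    return short_name(upper) != short_name(host_domain)


# Constructed cases: (user_id, host_domain, hostname, expected)
CASES = [
    ("CORP\\svc_backup", "corp.local", "SRV01", False),
    ("corp.local\\svc_backup", "CORP.LOCAL", "SRV01", False),   # the old false positive
    ("svc_sql@Corp.Local", "corp.local", "SRV01", False),
    ("CHILD\\svc_deploy", "corp.local", "SRV01", True),
    ("svc@child.corp.local", "corp.local", "SRV01", True),
    ("NT AUTHORITY\\SYSTEM", "corp.local", "SRV01", False),
    ("SRV01\\localadmin", "corp.local", "SRV01", False),
    ("S-1-5-21-1111-2222-3333-1105", "corp.local", "SRV01", None),
]


def check_cases():
    """Return the cases whose result differs from the expectation (empty when all pass)."""
    return [(u, d, h) for u, d, h, exp in CASES if is_cross_domain(u, d, h) is not exp]


if __name__ == "__main__":
    for user, dom, host, _ in CASES:
        print(f"{user:32} vs {dom:12} -> {is_cross_domain(user, dom, host)}")
```

The short-name rule assumes the NetBIOS name equals the first DNS label. Where a domain was created with a different NetBIOS name (for example NetBIOS `CORPNET` for `corp.local`), `CORPNET\svc` would be flagged as cross-domain; feed the NetBIOS-to-DNS mapping from LDAP or BloodHound into `short_name` if you hit that.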

Command-Line Interface

  • New: --targets-file for bulk target scanning
  • New: --offline-dir for offline XML analysis
  • New: --bh-config for custom BloodHound configuration file path
  • Enhanced: Better error messages and validation
  • Enhanced: Comprehensive argument validation with conflict checking

Testing & Quality

Test Suite

  • New: Comprehensive pytest test suite with 14 test files
  • New: Live integration tests for real environment testing
  • New: Unit tests for parsers, CLI args, and core logic
  • New: Test fixtures and configuration examples
  • New: GitHub Actions CI/CD workflow

Development Tooling

  • New: Makefile with common development tasks
  • New: Ruff configuration for linting and formatting
  • New: pytest configuration with coverage reporting
  • New: Development requirements file

Documentation

  • Enhanced: Comprehensive README with OpenGraph usage examples
  • Enhanced: Configuration examples for BloodHound connector
  • Enhanced: Cypher query examples for BloodHound analysis
  • New: Test data documentation and fixtures
  • New: Live test configuration examples

Bug Fixes

  • Fixed false positive cross-domain detection (FQDN vs short name)
  • Fixed password analysis not running when creation date missing
  • Fixed Python version requirement (3.11+)
  • Fixed package installation for CI/CD

Dependencies

  • Impacket >= 0.11.0 (NTLM hash support)
  • ldap3 >= 2.9.0 (LDAP operations)
  • pycryptodome >= 3.15.0 (DPAPI decryption)

Breaking Changes

  • Minimum Python version raised to 3.11+
  • ldap3 replaced with Impacket LDAP for some operations
  • BloodHound config format updated (use connector field)

Migration Guide

From 0.9.x to 1.0.0

  1. Update Python version: Ensure Python 3.11 or higher
  2. Update dependencies: pip install -r requirements.txt
  3. Update BloodHound config: Use new connector field format:
    [BloodHound]
    connector = http://127.0.0.1:8080  # New unified format
    type = bhce
  4. Enable OpenGraph: Add --bh-opengraph flag to upload tasks to BloodHound

Credits

  • Community Contributors: Thanks to all testers and feedback providers!

Full Changelog: v0.9.0...v1.0.0

0.9.0 - Initial BHCE Support

30 Sep 18:59


This release introduces BHCE export support and improves some key areas.

What's New

BloodHound Community Edition (BHCE) Support

  • Full support for both Legacy BloodHound and BHCE formats
  • Automatic format detection and processing

Simplified Output Messages

  • Streamlined plain output messages

README restructuring (Again)

Technical Improvements

  • Updated high-value user detection logic

Release v0.8.1: Documentation Updates

25 Sep 12:19


Documentation and Stability Release

Current Version Status

This is the current stable release (v0.8.1) with all features implemented and documented.

Release v0.8.0: SID Resolution

25 Sep 12:16


SID Resolution Release

Major New Features

  • SID Resolution: Automatically resolve Windows SIDs to human-readable usernames if encountered during collection
  • BloodHound Integration: SID lookup using existing BloodHound data (no network traffic)
  • LDAP Fallback: Queries domain controller when BloodHound data is insufficient
  • OPSEC: New --no-ldap flag to disable LDAP queries

SID Resolution Features

  • Smart Detection: Automatically identifies domain SIDs (S-1-5-21-<X>-<Y>-<Z>-RID format)
  • Graceful Degradation: Clear messaging when SIDs cannot be resolved

Display Improvements

  • Enhanced looks_like_domain_user() to recognize domain SIDs as domain accounts
  • SIDs now properly included in Tier 0 and high-value analysis
  • Comprehensive error messages with explanatory context
  • Maintains both resolved username and original SID for analysis

Technical Implementation

  • New taskhound/utils/sid_resolver.py module with comprehensive resolution logic
  • Enhanced engine.py integration for both online and offline processing
  • Updated CLI with --no-ldap parameter
  • Full ldap3 library integration with robust error handling

Upgrade Notes

  • SID resolution is enabled by default
  • Use --no-ldap flag for OPSEC-friendly operation (disables LDAP but keeps BloodHound resolution)
  • Existing BloodHound data files work seamlessly with SID resolution
  • New dependency: ldap3 library (automatically installed)

Release v0.7.0: Security Foundation

25 Sep 12:13


Security Foundation Release

Major Features

  • Tier 0 Classification System: Automatically detect Domain Admins, Enterprise Admins, and other Tier 0 accounts
  • Enhanced Task Filtering: New --include-local and --include-all flags for comprehensive discovery
  • Password Analysis
  • BOF Implementation: Added Beacon Object File documentation and implementation

Key Improvements

  • Enhanced BloodHound integration with robust group membership analysis
  • Comprehensive task discovery options for different operational needs
  • Improved output formatting and summary reporting

Technical Changes

  • Major refactoring of engine.py for better classification logic
  • Enhanced highvalue.py with comprehensive Tier 0 detection
  • New filtering options in config.py and CLI
  • Improved error handling

Upgrade Notes

  • New command line flags available: --include-local, --include-all
  • Enhanced BloodHound data processing - existing data files remain compatible
  • Improved output format with clearer security classifications

0.6.0

22 Sep 23:10


TaskHound v0.6.0

This release brings improvements, bug fixes, and new (experimental) features.

Features

EXPERIMENTAL BOF for AdaptixC2

  • Exactly what it says. Not battle-tested yet. Use with caution. (Don't blame me if this gets you busted)

Summary Table Output

  • Added --summary parameter for formatted task count tables
  • Shows privileged vs normal task counts per hostname with totals

Bug Fixes

Subdirectory Traversal

  • Fixed missing recursive subdirectory scanning for custom directories under C:\Windows\System32\Tasks

Task Filtering Logic

  • Corrected creds detection to handle stored credentials regardless of username format
  • Fixed logic that incorrectly excluded tasks with stored credentials but non-domain usernames
  • Aligned filtering behavior between online (SMB) and offline (XML) processing modes

Initial Release

18 Sep 22:40


Initial Release

  • Enumerate Windows scheduled tasks over SMB with BloodHound-style high-value user enrichment.
  • Supports password, NTLM, and Kerberos authentication.
  • Offline and backup modes for task XML collection and analysis.
  • Optional (EXPERIMENTAL) Credential Guard detection.
  • Clear, actionable output for privilege escalation and DPAPI dump scenarios.

See the README for usage and details.