You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I think historically, we've resisted adding this edge because the exploitation of this primitive is very complex and relies on several factors that are hard to enumerate. Maybe its time we took another look at it, but exploitation is still very complex, relying on ability to add DNS records or new computers for example
The ACL Processor collects GenericAll, WriteDACL and WriteOwner ACLs on all object types.
For GenericWrite and WriteProperty, it collects the ACLs only for User, Group and Computer (and to some extent GPOs):
https://github.com/BloodHoundAD/SharpHoundCommon/blob/a2cc6c1bff4e3879c9329e89822d7e82e6806911/src/CommonLib/Processors/ACLProcessor.cs#L338-L392
I just stumbled upon a case where an Everyone has GenericWrite on an OU, this can be exploited as shown in the following articles:
I think this edge should also be collected on OUs. What do you think?
Thanks a lot for your great work!
The text was updated successfully, but these errors were encountered: