diff --git a/docs/resources/edges/generic-all.mdx b/docs/resources/edges/generic-all.mdx index 9683b87b..ee34d10a 100644 --- a/docs/resources/edges/generic-all.mdx +++ b/docs/resources/edges/generic-all.mdx @@ -4,7 +4,6 @@ description: This is also known as full control. This privilege allows the trust --- import ResourceEditionPill from '/snippets/resources/edition-pill.mdx'; -import AltSecurityIdentitiesEsc14 from '/snippets/edges/alt-security-identities-esc14.mdx'; import GpoAbuseTools from '/snippets/edges/gpo-abuse-tools.mdx'; @@ -21,8 +20,6 @@ You can reset user passwords with full control over user objects. For full abuse You can write to the `msDS-KeyCredentialLink` attribute on a user. Writing to this property allows an attacker to create "Shadow Credentials" on the object and authenticate as the principal using Kerberos PKINIT. See more information under the [AddKeyCredentialLink](/resources/edges/add-key-credential-link) edge. - - Alternatively, you can write to the `servicePrincipalNames` attribute and perform a targeted kerberoasting attack. See the abuse section under the [WriteSPN](/resources/edges/write-spn) edge for more information. ### With GenericAll Over a Computer @@ -31,8 +28,6 @@ You may read the LAPS password of the computer object. See more information unde You can write to the `msDS-KeyCredentialLink` attribute on a computer. Writing to this property allows an attacker to create "Shadow Credentials" on the object and authenticate as the computer using Kerberos PKINIT. See more information under the [AddKeyCredentialLink](/resources/edges/add-key-credential-link) edge. - - Alternatively, Full control of a computer object can be used to perform a Resource-Based Constrained Delegation attack. See more information under the [AllowedToAct](/resources/edges/allowed-to-act) edge. ### With GenericAll Over a GPO diff --git a/docs/resources/edges/generic-write.mdx b/docs/resources/edges/generic-write.mdx index 77673c28..c03daa30 100644 --- a/docs/resources/edges/generic-write.mdx +++ b/docs/resources/edges/generic-write.mdx @@ -4,7 +4,6 @@ description: Generic Write access grants you the ability to write to any non-pro --- import ResourceEditionPill from '/snippets/resources/edition-pill.mdx'; -import AltSecurityIdentitiesEsc14 from '/snippets/edges/alt-security-identities-esc14.mdx'; import GpoAbuseTools from '/snippets/edges/gpo-abuse-tools.mdx'; @@ -15,8 +14,6 @@ import GpoAbuseTools from '/snippets/edges/gpo-abuse-tools.mdx'; With GenericWrite over a user, you can write to the `msDS-KeyCredentialLink` attribute. Writing to this property allows an attacker to create "Shadow Credentials" on the object and authenticate as the principal using Kerberos PKINIT. See more information under the [AddKeyCredentialLink](/resources/edges/add-key-credential-link) edge. - - Alternatively, you can write to the `servicePrincipalNames` attribute and perform a targeted kerberoasting attack. See the abuse section under the [WriteSPN](/resources/edges/write-spn) edge for more information. **Groups** @@ -27,8 +24,6 @@ With GenericWrite over a group, add yourself or another principal you control to With GenericWrite over a computer, you can write to the `msDS-KeyCredentialLink` attribute. Writing to this property allows an attacker to create "Shadow Credentials" on the object and authenticate as the principal using Kerberos PKINIT. See more information under the [AddKeyCredentialLink](/resources/edges/add-key-credential-link) edge. - - Alternatively, you can perform a resource-based constrained delegation attack against the computer. See the [AllowedToAct](/resources/edges/allowed-to-act) edge abuse info for more information about that attack. **[GPO](/resources/nodes/gpo)** diff --git a/docs/resources/edges/traversable-edges.mdx b/docs/resources/edges/traversable-edges.mdx index 5e103532..c392afca 100644 --- a/docs/resources/edges/traversable-edges.mdx +++ b/docs/resources/edges/traversable-edges.mdx @@ -41,9 +41,8 @@ These are the traversable AD edge types in BloodHound: | [OwnsLimitedRights](/resources/edges/owns-limited-rights) | [ReadGMSAPassword](/resources/edges/read-gmsa-password) | [ReadLAPSPassword](/resources/edges/read-laps-password) | | [SameForestTrust](/resources/edges/same-forest-trust) | [SpoofSIDHistory](/resources/edges/spoof-sid-history) | [SQLAdmin](/resources/edges/sql-admin) | | [SyncedToADUser](/resources/edges/synced-to-ad-user) | [SyncedToEntraUser](/resources/edges/synced-to-entra-user) | [SyncLAPSPassword](/resources/edges/sync-laps-password) | -| [WriteAccountRestrictions](/resources/edges/write-account-restrictions)| [WriteAltSecurityIdentities](/resources/edges/write-alt-security-identities) | [WriteDacl](/resources/edges/write-dacl) | -| [WriteGPLink](/resources/edges/write-gp-link) | [WriteOwner](/resources/edges/write-owner) | [WriteOwnerLimitedRights](/resources/edges/write-owner-limited-rights) | -| [WritePublicInformation](/resources/edges/write-public-information) | [WriteSPN](/resources/edges/write-spn) | | +| [WriteAccountRestrictions](/resources/edges/write-account-restrictions)| [WriteDacl](/resources/edges/write-dacl) | [WriteGPLink](/resources/edges/write-gp-link) | +| [WriteOwner](/resources/edges/write-owner) | [WriteOwnerLimitedRights](/resources/edges/write-owner-limited-rights) | [WriteSPN](/resources/edges/write-spn) | These are the traversable Azure edge types in BloodHound: diff --git a/docs/resources/edges/write-alt-security-identities.mdx b/docs/resources/edges/write-alt-security-identities.mdx index 71fe6ede..2c2fc5a3 100644 --- a/docs/resources/edges/write-alt-security-identities.mdx +++ b/docs/resources/edges/write-alt-security-identities.mdx @@ -1,6 +1,7 @@ --- title: WriteAltSecurityIdentities description: "The principal can write to the altSecurityIdentities attribute on a user or computer, enabling explicit certificate mappings and ADCS ESC14 Scenario A." +hidden: true --- import ResourceEditionPill from '/snippets/resources/edition-pill.mdx'; diff --git a/docs/resources/edges/write-public-information.mdx b/docs/resources/edges/write-public-information.mdx index e8247d1f..db069bf7 100644 --- a/docs/resources/edges/write-public-information.mdx +++ b/docs/resources/edges/write-public-information.mdx @@ -1,6 +1,7 @@ --- title: WritePublicInformation description: "The principal can write to the Public-Information property set on a user or computer, including altSecurityIdentities and servicePrincipalName." +hidden: true --- import ResourceEditionPill from '/snippets/resources/edition-pill.mdx';