Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 0 additions & 5 deletions docs/resources/edges/generic-all.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@ description: This is also known as full control. This privilege allows the trust
---

import ResourceEditionPill from '/snippets/resources/edition-pill.mdx';
import AltSecurityIdentitiesEsc14 from '/snippets/edges/alt-security-identities-esc14.mdx';
import GpoAbuseTools from '/snippets/edges/gpo-abuse-tools.mdx';

<ResourceEditionPill />
Expand All @@ -21,8 +20,6 @@ You can reset user passwords with full control over user objects. For full abuse

You can write to the `msDS-KeyCredentialLink` attribute on a user. Writing to this property allows an attacker to create "Shadow Credentials" on the object and authenticate as the principal using Kerberos PKINIT. See more information under the [AddKeyCredentialLink](/resources/edges/add-key-credential-link) edge.

<AltSecurityIdentitiesEsc14 edgeName="GenericAll" />

Alternatively, you can write to the `servicePrincipalNames` attribute and perform a targeted kerberoasting attack. See the abuse section under the [WriteSPN](/resources/edges/write-spn) edge for more information.

### With GenericAll Over a Computer
Expand All @@ -31,8 +28,6 @@ You may read the LAPS password of the computer object. See more information unde

You can write to the `msDS-KeyCredentialLink` attribute on a computer. Writing to this property allows an attacker to create "Shadow Credentials" on the object and authenticate as the computer using Kerberos PKINIT. See more information under the [AddKeyCredentialLink](/resources/edges/add-key-credential-link) edge.

<AltSecurityIdentitiesEsc14 edgeName="GenericAll" />

Alternatively, Full control of a computer object can be used to perform a Resource-Based Constrained Delegation attack. See more information under the [AllowedToAct](/resources/edges/allowed-to-act) edge.

### With GenericAll Over a GPO
Expand Down
5 changes: 0 additions & 5 deletions docs/resources/edges/generic-write.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@ description: Generic Write access grants you the ability to write to any non-pro
---

import ResourceEditionPill from '/snippets/resources/edition-pill.mdx';
import AltSecurityIdentitiesEsc14 from '/snippets/edges/alt-security-identities-esc14.mdx';
import GpoAbuseTools from '/snippets/edges/gpo-abuse-tools.mdx';

<ResourceEditionPill />
Expand All @@ -15,8 +14,6 @@ import GpoAbuseTools from '/snippets/edges/gpo-abuse-tools.mdx';

With GenericWrite over a user, you can write to the `msDS-KeyCredentialLink` attribute. Writing to this property allows an attacker to create "Shadow Credentials" on the object and authenticate as the principal using Kerberos PKINIT. See more information under the [AddKeyCredentialLink](/resources/edges/add-key-credential-link) edge.

<AltSecurityIdentitiesEsc14 edgeName="GenericWrite" />

Alternatively, you can write to the `servicePrincipalNames` attribute and perform a targeted kerberoasting attack. See the abuse section under the [WriteSPN](/resources/edges/write-spn) edge for more information.

**Groups**
Expand All @@ -27,8 +24,6 @@ With GenericWrite over a group, add yourself or another principal you control to

With GenericWrite over a computer, you can write to the `msDS-KeyCredentialLink` attribute. Writing to this property allows an attacker to create "Shadow Credentials" on the object and authenticate as the principal using Kerberos PKINIT. See more information under the [AddKeyCredentialLink](/resources/edges/add-key-credential-link) edge.

<AltSecurityIdentitiesEsc14 edgeName="GenericWrite" />

Alternatively, you can perform a resource-based constrained delegation attack against the computer. See the [AllowedToAct](/resources/edges/allowed-to-act) edge abuse info for more information about that attack.

**[GPO](/resources/nodes/gpo)**
Expand Down
5 changes: 2 additions & 3 deletions docs/resources/edges/traversable-edges.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -41,9 +41,8 @@ These are the traversable AD edge types in BloodHound:
| [OwnsLimitedRights](/resources/edges/owns-limited-rights) | [ReadGMSAPassword](/resources/edges/read-gmsa-password) | [ReadLAPSPassword](/resources/edges/read-laps-password) |
| [SameForestTrust](/resources/edges/same-forest-trust) | [SpoofSIDHistory](/resources/edges/spoof-sid-history) | [SQLAdmin](/resources/edges/sql-admin) |
| [SyncedToADUser](/resources/edges/synced-to-ad-user) | [SyncedToEntraUser](/resources/edges/synced-to-entra-user) | [SyncLAPSPassword](/resources/edges/sync-laps-password) |
| [WriteAccountRestrictions](/resources/edges/write-account-restrictions)| [WriteAltSecurityIdentities](/resources/edges/write-alt-security-identities) | [WriteDacl](/resources/edges/write-dacl) |
| [WriteGPLink](/resources/edges/write-gp-link) | [WriteOwner](/resources/edges/write-owner) | [WriteOwnerLimitedRights](/resources/edges/write-owner-limited-rights) |
| [WritePublicInformation](/resources/edges/write-public-information) | [WriteSPN](/resources/edges/write-spn) | |
| [WriteAccountRestrictions](/resources/edges/write-account-restrictions)| [WriteDacl](/resources/edges/write-dacl) | [WriteGPLink](/resources/edges/write-gp-link) |
| [WriteOwner](/resources/edges/write-owner) | [WriteOwnerLimitedRights](/resources/edges/write-owner-limited-rights) | [WriteSPN](/resources/edges/write-spn) |

These are the traversable Azure edge types in BloodHound:

Expand Down
1 change: 1 addition & 0 deletions docs/resources/edges/write-alt-security-identities.mdx
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
---
title: WriteAltSecurityIdentities
description: "The principal can write to the altSecurityIdentities attribute on a user or computer, enabling explicit certificate mappings and ADCS ESC14 Scenario A."
hidden: true
---

import ResourceEditionPill from '/snippets/resources/edition-pill.mdx';
Expand Down
1 change: 1 addition & 0 deletions docs/resources/edges/write-public-information.mdx
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
---
title: WritePublicInformation
description: "The principal can write to the Public-Information property set on a user or computer, including altSecurityIdentities and servicePrincipalName."
hidden: true
---

import ResourceEditionPill from '/snippets/resources/edition-pill.mdx';
Expand Down
Loading