GenericAll means full control over the target AD object. It is not a single attack; it is a permission that lets us choose the best abuse for the target type.
In BloodHound this appears as:
ATTACKER --GenericAll--> TARGET
The target object determines the operation. Against a user, GenericAll can reset the password or add Shadow Credentials. Against a group, it can add members. Against a computer, it can enable Shadow Credentials or resource-based constrained delegation paths. Against an OU or GPO, it can become a broader control-plane problem.
This unit keeps the core GenericAll abuse focused on direct object takeover. RBCD, GPO abuse, DCSync, and ticket abuse are deeper paths covered later.