Operator On The Wire
← Back to Knowledge Base
OOTW / Chapter IV - Active Directory / 04. Techniques / ACL Abuse / GenericAll

Information

GenericAll means full control over the target AD object. It is not a single attack; it is a permission that lets us choose the best abuse for the target type.

In BloodHound this appears as:

ATTACKER --GenericAll--> TARGET

The target object determines the operation. Against a user, GenericAll can reset the password or add Shadow Credentials. Against a group, it can add members. Against a computer, it can enable Shadow Credentials or resource-based constrained delegation paths. Against an OU or GPO, it can become a broader control-plane problem.

This unit keeps the core GenericAll abuse focused on direct object takeover. RBCD, GPO abuse, DCSync, and ticket abuse are deeper paths covered later.