Operator On The Wire
← Back to Knowledge Base
OOTW / Chapter IV - Active Directory / 04. Techniques / ACL Abuse / GenericAll

Matrix

GenericAll is a control primitive. The correct abuse is selected from the object type, current access, and operational objective.

TargetRequired rightAbuse pathLinux toolingWindows toolingResponse focus
UserGenericAllReset password, add Shadow Credentials, or modify account attributesbloodyAD, certipy shadow, pywhisker.pyPowerView Set-DomainUserPassword, Set-DomainObject, AD moduleRemove malicious attributes, rotate credentials, review account use
GroupGenericAllAdd controlled member or change group attributesbloodyAD add groupMember, net rpcPowerView Add-DomainGroupMember, AD moduleRemove added members and repair group ACLs
ComputerGenericAllAdd Shadow Credentials, modify delegation-related attributes, or reset computer password where appropriatecertipy shadow, bloodyAD, Impacket toolingPowerView Set-DomainObject, AD moduleClear malicious attributes and review computer account authentication
OUGenericAllModify child object control, linked GPO paths, or delegated permissionsbloodyAD, dacledit.pyPowerView Add-DomainObjectAcl, GPMC/AD moduleReview inherited permissions and linked GPO changes
GPOGenericAllModify policy content or delegation to execute code on linked targetspyGPOAbuse.py, SMB toolingPowerView, GPMC, native policy toolingRestore GPO from known-good state and review SYSVOL changes