GenericWrite allows writing many attributes on the target object. It is weaker than GenericAll, but still enough for several takeover paths.
In BloodHound this appears as:
ATTACKER --GenericWrite--> TARGET
GenericWrite is attribute abuse. We do not assume that we can reset the target password directly. Instead, we inspect the target object, identify useful writable attributes, and turn those attributes into authentication material or execution.
The common user-object paths are targeted Kerberoasting through a fake servicePrincipalName, Shadow Credentials through msDS-KeyCredentialLink, and less commonly logon script abuse through scriptPath. Computer-object paths often become Shadow Credentials or resource-based constrained delegation through msDS-AllowedToActOnBehalfOfOtherIdentity.
The operational rule is simple: identify the object type, inspect the current attribute values, make the smallest useful change, exploit the new condition, and restore the modified attribute. GenericWrite is powerful, but sloppy attribute changes can break services and leave obvious traces.