Owns

This clip shows an example of abusing object ownership:

Abuse Info

With ownership of the object, you may modify the DACL of the object however you wish. For more information about that, see the WriteDacl edge section.

Opsec Considerations

This depends on the target object and how to take advantage of this privilege. When using the PowerView functions, keep in mind that PowerShell v5 introduced several security mechanisms that make it much easier for defenders to see what’s going on with PowerShell in their network, such as script block logging and AMSI. You can bypass those security mechanisms by downgrading to PowerShell v2, which all PowerView functions support. Modifying permissions on an object will generate 4670 and 4662 events on the domain controller that handled the request.

References

https://www.youtube.com/watch?v=z8thoG7gPd0

Get Started with BloodHound

Install a Data Collector

Collect Data

OpenGraph

Analyze Attack Path Data

Manage BloodHound

API & Integrations

Resources

Abuse Info

Opsec Considerations

References

Get Started with BloodHound

Install a Data Collector

Collect Data

OpenGraph

Analyze Attack Path Data

Manage BloodHound

API & Integrations

Resources

​Abuse Info

​Opsec Considerations

​References

Abuse Info

Opsec Considerations

References