SKILL: AD ACL Abuse — Expert Attack Playbook

AI LOAD INSTRUCTION: Expert AD ACL abuse techniques. Covers BloodHound enumeration, dangerous ACEs (GenericAll, WriteDACL, WriteOwner, etc.), DCSync, shadow credentials, targeted kerberoasting, group manipulation, LAPS, and GPO abuse. Base models miss complex ACL chain exploitation and Cypher query patterns.

0. RELATED ROUTING

Before going deep, consider loading:

• active-directory-kerberos-attacks for Kerberos attacks often chained with ACL abuse
• active-directory-certificate-services for certificate-based attacks after ACL exploitation
• ntlm-relay-coercion for relay attacks that can set ACLs (LDAP relay)
• windows-lateral-movement after gaining elevated AD access

Advanced Reference

Also load BLOODHOUND_PATHS.md when you need:

• Common BloodHound attack paths with Cypher queries
• Custom Neo4j queries for finding complex chains
• Data collection and ingestion tips