Skip to content

Comments

ACL parsing updates#53

Merged
Tw1sm merged 7 commits intocoffeegist:mainfrom
c3c:patch-1
Jan 29, 2026
Merged

ACL parsing updates#53
Tw1sm merged 7 commits intocoffeegist:mainfrom
c3c:patch-1

Conversation

@c3c
Copy link

@c3c c3c commented Jan 27, 2026

I diffed how bloodhound.py+SharpHoundCommon do ACL parsing, and compared it to bofhound.
Before this patch, some edges were present that shouldn't have been and vice versa, potentially due to swalling exceptions of unknown object types or due to missing object type restrictions.

  • Processing of generic edges vs those that have specific object types now mimics the SharpHound behavior more closely. Introduced obj_type_present guards where needed. This matches SharpHound's semantics: if ObjectType is a specific GUID (not AllGuid/absent), don't treat it as a generic edge, but still process it for specific property/extended-right edges
  • Some edges can apply to more entry types (e.g. forcechangepassword can apply to both computers and users)
  • SelfAdd extended to allow for AllGuid and MembershipPropertySet
  • LAPS parsing is now closer to how SharpHound does it

May contain mistakes 🤞

@Tw1sm
Copy link
Collaborator

Tw1sm commented Jan 29, 2026

Thanks for the contribution!

@Tw1sm Tw1sm merged commit 817d5d7 into coffeegist:main Jan 29, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants