Do You Own Your Permissions, or Do Your Permissions Own You?
The article discusses how BloodHound Enterprise addressed false positives in Active Directory attack paths due to object ownership permissions. It explains how Microsoft's BlockOwnerImplicitRights feature prevents compromised accounts from altering security descriptors to elevate privileges. The author details the implementation of OwnsLimitedRights and WriteOwnerLimitedRights edges in BloodHound v7.1.0, which correctly identify when these features are active, reducing false positives for users blocking owner implicit rights.