Claims
Detect dangerous ACL misconfigurations in Active Directory using ldap3 to identify GenericAll, WriteDACL, and WriteOwner abuse paths.
Actual behavior
The skill describes a standard, read-only analysis workflow. It connects to a Domain Controller via LDAP/LDAPS, queries the `nTSecurityDescriptor` attribute, parses SDDL/ACEs, resolves SIDs, and filters for dangerous permissions on non-administrative principals. It outputs a structured JSON report.
No non-informational findings.