Edges are part of the graph construct, and are represented as links/relationships that connect one node to another node. For example, the image below shows three User nodes (left side) connected to one Group node (right side), via the “MemberOf” edge, indicating the three users belong to the group:
The direction of the edge, indicated by the arrow, always indicates the direction of attack, or the direction of privilege. From the above example; because all three users have a "MemberOf" edge pointing towards the group, all three users have the same privileges as the group.
Each article in this section is documenting an individual edge and each contains:
- A description of the edge.
- Abuse Info: How red teamers can use the privilege of the edge to obtain their goals.
- Opsec Considerations: What red teamers should consider to avoid detection and thereby increase operational security.
- References: Links to publicly available sources used to create the above information.
Note that edge names indicate what directory they apply to; all Entra ID (Azure Active Directory) edges are prefixed with "AZ", while Active Directory edges have no prefix.