First of all thank you for such amazing product.
I've used the app to collect data from some HTB box and wasn't able to find privesc path.
After a while I asked for help and was told that there's some ACE on the group object that BloodHound.py doesn't enumerate.
I've use pywerview to get acls and the missing one was shown.

The missing ace is ACCESS_ALLOWED_ACE type (0x0) of Self (accessmask 0x8) on group for some user

I was able to hack the BloodHound.py to collect that ace by adding following code segment after line 221 of bloodhound/enumeration/alcs.py which is the end of ace type 0x0 block (I basically copy&pasted from ace type 0x5 block, but without "ace_object.acedata.data.ObjectType == EXTRIGHTS _GUID_MAPPING['WriteMember']" as it broke the run)
I had to use --disable-pooling to figure out that there was an exception because pooling hides it for some reason

if mask.has_priv(ACCESS_MASK.ADS_RIGHT_DS_SELF):
  if entrytype == 'group':
    relations.append(build_relation(sid, 'AddSelf', '', inherited=is_inherited))

Not sure if that usable in this form, but from acl collection standpoint it fixed the missing acl.
Now I have the BH graph with clear privesc path from the user.

I can provide more details in discord if required as the box is active, so I can't give much.

Thank you.