Active Directory Attacks

Fail

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: HIGH
Flags: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill provides detailed instructions for extracting sensitive cryptographic material and passwords from memory and Active Directory databases. Evidence includes the use of 'secretsdump.py' for 'krbtgt' hashes, 'Mimikatz' for 'lsadump::dcsync', and 'Rubeus' for Kerberoasting and AS-REP roasting.
  • [COMMAND_EXECUTION]: The skill directs the execution of commands that modify system state and create unauthorized access points. Evidence includes instructions to create backdoor user accounts using 'net user backdoor /add' and manipulating system time to facilitate Kerberos attacks.
  • [REMOTE_CODE_EXECUTION]: The skill instructs the user to run unverified external exploit scripts against critical vulnerabilities. Evidence includes calls to 'cve-2020-1472-exploit.py' (Zerologon, Netlogon), 'CVE-2021-1675.py' (PrintNightmare, Print Spooler), and 'sam_the_admin.py' (CVE-2021-42278/42287, sAMAccountName spoofing).
  • [DATA_EXFILTRATION]: The skill outlines procedures for collecting and saving sensitive domain data to files for offline analysis. Evidence includes dumping domain enumeration data with 'BloodHound' and saving captured Kerberos tickets and NTLM hashes into local files like 'hashes.txt'.
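The findings above name techniques that leave distinctive traces in the Windows Security log: DCSync (lsadump::dcsync, secretsdump.py) shows up as event 4662 with directory-replication control-access rights exercised by a non-DC principal; Kerberoasting as 4769 service-ticket requests with RC4 (etype 0x17) for user-account SPNs; AS-REP roasting as 4768 requests with pre-authentication type 0; 'net user ... /add' as 4720; and system-time manipulation as 4616. The triage script below is an added example, not part of the audit page or of the audited skill. Events are modelled as dicts whose keys mirror the named fields of those events, and the sample events are constructed for illustration.

```python
"""Triage Windows Security events for the techniques named in the audit.

Added example. Events are simplified dicts keyed on the named fields of the
real events (EventID, SubjectUserName, Properties, ServiceName, ...); the
SAMPLE_EVENTS below are constructed, not captured from a real domain.
"""
from typing import List, Optional, Tuple

# Control-access right GUIDs that DCSync-style replication must exercise.
DS_REPLICATION_GUIDS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2",  # DS-Replication-Get-Changes
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2",  # DS-Replication-Get-Changes-All
    "89e95b76-444d-4c62-991a-0facbeda640c",  # DS-Replication-Get-Changes-In-Filtered-Set
}
RC4_HMAC = "0x17"  # Kerberos etype 23; roasting tools request it because it cracks fastest


def is_machine_account(name: str) -> bool:
    """Computer accounts end in '$'; DCs and AAD Connect-style accounts may replicate legitimately."""
    return name.endswith("$")


def classify(event: dict) -> Optional[str]:
    """Return a technique label for a single event, or None if it looks benign."""
    eid = event.get("EventID")
    if eid == 4662:
        # DCSync: replication rights exercised by a principal that is not a computer account.
        props = {g.lower() for g in event.get("Properties", [])}
        if props & DS_REPLICATION_GUIDS and not is_machine_account(event.get("SubjectUserName", "")):
            return "dcsync"
    elif eid == 4769:
        # Kerberoasting: RC4 service ticket for a user-account SPN (not a computer, not krbtgt).
        svc = event.get("ServiceName", "")
        if (event.get("TicketEncryptionType") == RC4_HMAC
                and not is_machine_account(svc) and svc.lower() != "krbtgt"):
            return "kerberoast"
    elif eid == 4768:
        # AS-REP roasting: TGT issued without pre-authentication (type 0) using RC4.
        if event.get("PreAuthType") == "0" and event.get("TicketEncryptionType") == RC4_HMAC:
            return "asrep_roast"
    elif eid == 4720:
        return "account_created"       # e.g. 'net user backdoor /add'
    elif eid == 4616:
        return "system_time_changed"   # clock manipulation to make forged tickets validate
    return None


def triage(events: List[dict]) -> List[Tuple[str, str]]:
    """Run classify() over a batch and return (label, principal) pairs for hits."""
    alerts = []
    for ev in events:
        tag = classify(ev)
        if tag:
            alerts.append((tag, ev.get("SubjectUserName") or ev.get("TargetUserName", "?")))
    return alerts


# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    {"EventID": 4662, "SubjectUserName": "jdoe", "ObjectType": "domainDNS",
     "Properties": ["1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"]},            # DCSync by a user
    {"EventID": 4662, "SubjectUserName": "DC01$",
     "Properties": ["1131f6aa-9c07-11d1-f79f-00c04fc2dcd2"]},            # benign DC replication
    {"EventID": 4769, "TargetUserName": "jdoe@CORP.LOCAL",
     "ServiceName": "svc_sql", "TicketEncryptionType": "0x17"},          # Kerberoast
    {"EventID": 4769, "TargetUserName": "jdoe@CORP.LOCAL",
     "ServiceName": "FS01$", "TicketEncryptionType": "0x12"},            # benign AES ticket
    {"EventID": 4768, "TargetUserName": "legacy_app",
     "PreAuthType": "0", "TicketEncryptionType": "0x17"},                # AS-REP roast
    {"EventID": 4720, "SubjectUserName": "jdoe", "TargetUserName": "backdoor"},
    {"EventID": 4616, "SubjectUserName": "jdoe"},
]

if __name__ == "__main__":
    for tag, who in triage(SAMPLE_EVENTS):
        print(f"{tag:20s} {who}")
```

The RC4 and pre-auth checks are heuristics: domains that still allow RC4 broadly, or that have accounts with pre-authentication disabled for legacy reasons, will produce noise, and the DCSync rule needs an allowlist for non-DC principals that legitimately replicate (directory-sync service accounts, for example). Treat the labels as triage hints to pivot on, not as verdicts.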
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Mar 10, 2026, 01:13 AM