Active Directory Attacks
Verdict: Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUM
Risk Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill provides numerous command-line examples for executing code on remote systems with administrative privileges using the Impacket suite (e.g., psexec.py, wmiexec.py), which require only valid credentials or an NT hash for a privileged account.
- DATA_EXFILTRATION (HIGH): Includes detailed instructions for extracting sensitive authentication material, including the NT hashes of every domain account via DCSync (abuse of directory replication rights), LAPS-managed local administrator passwords, and Kerberos tickets.
- REMOTE_CODE_EXECUTION (MEDIUM): Provides specific exploitation workflows for critical vulnerabilities such as ZeroLogon (CVE-2020-1472, Netlogon authentication bypass against domain controllers) and PrintNightmare (CVE-2021-1675, with the remote code execution variant later tracked as CVE-2021-34527) to gain unauthorized domain-level access.
- COMMAND_EXECUTION (MEDIUM): Documents persistence mechanisms such as the forgery of Golden Tickets (using the krbtgt hash) and Silver Tickets (using a service account hash), and the abuse of Group Policy Objects to maintain long-term access across the domain.