Active Directory Attacks
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
Tags: COMMAND_EXECUTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS
Full Analysis
- [Data Exposure & Exfiltration] (MEDIUM): The skill provides numerous methods to extract sensitive data from a domain environment, including NT hashes via DCSync (secretsdump.py), Kerberos tickets via Kerberoasting (Rubeus.exe), and administrative passwords from Group Policy Preferences (Get-GPPPassword.py).
- [Privilege Escalation] (MEDIUM): Detailed instructions are provided for acquiring Domain Administrator privileges through various attacks such as DCSync, GPO abuse, and misconfigured AD CS templates (ESC1). It also includes commands for system-level privilege escalation on the attack platform (e.g., 'sudo date').
- [Persistence Mechanisms] (MEDIUM): Details techniques for maintaining long-term unauthorized access, specifically forging Golden Tickets with Mimikatz and adding backdoor users or tasks via Group Policy Objects (SharpGPOAbuse.exe).
- [Credential Attacks] (MEDIUM): Focuses on large-scale credential harvesting through password spraying (kerbrute) and NTLM relay attacks (ntlmrelayx.py), which are high-risk operations involving the manipulation of authentication protocols.
- [Unverifiable Dependencies & Remote Code Execution] (LOW): Recommends the execution of numerous third-party offensive security scripts and binaries (e.g., SharpHound.exe, MalSCCM.exe, sam_the_admin.py) whose source and integrity are not verified within the skill files.
Audit Metadata