detecting-golden-ticket-attacks-in-kerberos-logs

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a specialized security tool for Kerberos threat hunting. All identified components, including the Python script and detection queries, align with the stated purpose and follow security best practices.
  • [SAFE]: The scripts/agent.py file performs local parsing of Windows Event Logs (.evtx) to identify specific Kerberos Event IDs (4768, 4769, 4771). The script does not perform any network operations, does not execute arbitrary code, and contains no hidden or obfuscated logic.
  • [SAFE]: The skill relies on the well-known and trusted python-evtx library for log processing. No suspicious or unverified dependencies are requested.
  • [SAFE]: The Splunk and KQL queries provided are standard detection logic used by security operations centers and do not contain any bypasses or malicious instructions.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 06:46 PM