exploiting-active-directory-certificate-services-esc1

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes explicit plaintext passwords and commands that pass credentials (e.g., -p 'Password123', /password:, -hashes :ntlmhash) directly on the command line and in examples, which requires the agent to handle and output secret values verbatim, creating exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content explicitly documents and instructs on abusing AD CS ESC1 to forge certificates for high-privilege impersonation (PKINIT), obtain Kerberos TGTs, and perform credential theft and domain compromise (DCSync, Mimikatz, secretsdump), i.e., deliberate techniques for privilege escalation and credential exfiltration.