performing-lateral-movement-with-wmiexec

Warn

Audited by Gen Agent Trust Hub on Apr 12, 2026

Risk Level: MEDIUM
Categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/agent.py script uses subprocess.run() to execute system utilities and third-party security tools including wmic, tshark, and Impacket's wmiexec. These executions are driven by user-supplied arguments, which allow for command execution on target hosts.
  • [REMOTE_CODE_EXECUTION]: The skill provides instructions and automation for WMI-based lateral movement (T1047), allowing for remote command execution on Windows targets as demonstrated in run_wmiexec_impacket. It also covers persistence via WMI event subscriptions.
  • [DATA_EXFILTRATION]: SKILL.md describes credential harvesting workflows, such as dumping the SAM and SYSTEM registry hives to disk and extracting hashes with secretsdump.py. These techniques involve the access and removal of sensitive system security data.
  • [EXTERNAL_DOWNLOADS]: The agent relies on the external security packages impacket and python-evtx for its core functionality, with installation instructions provided in the skill documentation.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Apr 12, 2026, 06:05 PM