AWS Penetration Testing

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: CRITICAL
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [DATA_EXFILTRATION] (CRITICAL): The skill provides explicit, step-by-step instructions for exfiltrating AWS credentials from the EC2 Metadata service (IMDSv1/v2) and Fargate environment variables. It also details methods for syncing sensitive S3 bucket data and extracting the Active Directory database (ntds.dit) via EBS snapshots.
  • [EXTERNAL_DOWNLOADS] (HIGH): Requires downloading and executing tools from untrusted GitHub repositories (e.g., RhinoSecurityLabs/pacu, NetSPI/aws_consoler, and andresriancho/enumerate-iam) which are not within the trusted source scope.
  • [REMOTE_CODE_EXECUTION] (HIGH): Includes Python code specifically designed for injection into AWS Lambda functions to gain administrative privileges and provides instructions for executing arbitrary commands on instances via AWS Systems Manager (SSM).
  • [COMMAND_EXECUTION] (HIGH): Detailed instructions are provided to 'cover tracks' by deleting CloudTrail trails or disabling logging, which is a hallmark of malicious intent to evade detection.
  • [CREDENTIALS_UNSAFE] (HIGH): Facilitates the creation of permanent backdoors by generating console sign-in URLs from stolen API keys and creating unauthorized IAM access keys for target users.
Recommendations
  • AI detected serious security threats
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level: CRITICAL
Analyzed: Feb 16, 2026, 08:01 AM