active-directory-attacks
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill documents numerous commands for exploiting Active Directory services and known vulnerabilities (e.g., ZeroLogon, PrintNightmare) using offensive tools like Impacket and CrackMapExec.
- [REMOTE_CODE_EXECUTION]: In the PrintNightmare exploit section, the skill provides a command to execute a remote DLL hosted on an attacker-controlled share (`\\attacker\share\evil.dll`).
- [CREDENTIALS_UNSAFE]: Extensive instructions are provided for extracting and cracking sensitive domain credentials, NTLM hashes, and Kerberos tickets using Mimikatz, Rubeus, and secretsdump.py.
- [DATA_EXFILTRATION]: The skill facilitates large-scale domain enumeration and metadata collection using BloodHound and PowerView to map attack paths.
- [PERSISTENCE_MECHANISMS]: Instructions include the creation of unauthorized backdoor user accounts and the abuse of Group Policy Objects to maintain long-term access to the target environment.
Recommendations
- AI detected serious security threats