privilege-escalation-methods

Fail

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides numerous commands to manipulate system configurations, abuse sudo permissions for common binaries, and establish persistence through scheduled tasks and cron jobs. Evidence includes the use of sudo vim, sudo find, and schtasks to execute arbitrary commands with elevated privileges.
  • [DATA_EXFILTRATION]: Instructions are included to access and extract sensitive files and databases containing user credentials and identity information. Evidence includes commands to copy the Active Directory ntds.dit database, SSH private keys from the root directory, and system registry hives.
  • [REMOTE_CODE_EXECUTION]: The skill details how to download and execute arbitrary scripts from remote sources. Evidence includes the use of PowerShell's Invoke-Expression to run code directly from an external URL.
  • [EXTERNAL_DOWNLOADS]: The skill references and encourages the use of various third-party offensive security tools for post-exploitation and credential harvesting. Evidence includes the mention of Mimikatz, Responder, Impacket, and Rubeus.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 21, 2026, 09:25 AM