active-directory-kerberos-attacks
Fail
Audited by Snyk on Apr 9, 2026
Risk Level: CRITICAL
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The playbook contains numerous command examples that require embedding plaintext secrets (NTLM/krbtgt/service hashes, passwords, base64 ticket blobs) directly into CLI and tool arguments, forcing the agent to handle and output secret values verbatim.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 1.00). This content is an explicit offensive playbook that documents step-by-step techniques to steal credentials (hashes, tickets), forge Kerberos tickets (golden/silver/diamond/sapphire), perform DCSync and RBCD, coerce authentication, and gain/maintain unauthorized domain-admin access—i.e., deliberate malicious abuse and backdoor/persistence methods.
Issues (2)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- E006 (CRITICAL): Malicious code pattern detected in skill scripts.
Audit Metadata