Active Directory Attacks
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (HIGH): The skill provides specific, executable command strings for high-impact offensive operations, including:
  - DCSync Attacks: Extracting hashes directly from Domain Controllers via secretsdump.py and lsadump::dcsync.
  - Ticket Forgery: Creating 'Golden' and 'Silver' Kerberos tickets for persistent domain-wide administrative access.
  - Credential Harvesting: Commands for Kerberoasting, AS-REP roasting, and password spraying.
  - Lateral Movement: Pass-the-Hash and OverPass-the-Hash techniques using Impacket and Rubeus.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The documentation directs the user to run multiple external exploitation scripts (e.g., cve-2020-1472-exploit.py, sam_the_admin.py, CVE-2021-1675.py). While it does not provide download URLs, it encourages the execution of unverified third-party code.
- [EXTERNAL_DOWNLOADS] (LOW): References a large ecosystem of third-party security tools (Impacket, BloodHound, Mimikatz, Rubeus, CrackMapExec) which are listed as prerequisites but not directly downloaded via the skill scripts.
Audit Metadata