exploiting-constrained-delegation-abuse

Fail

Audited by Socket on Apr 6, 2026

3 alerts found:

Security, Malware x2

Security MEDIUM
SKILL.md

SUSPICIOUS: the skill is internally coherent for a red-team purpose, but that purpose is to give an AI agent offensive exploitation capability against Active Directory. The main risk is not deception or exfiltration to a third party; it is enabling credential use, ticket impersonation, lateral movement, and credential dumping against live systems. No strong evidence of malware or hidden credential theft, but the security risk is high because the skill operationalizes attack techniques.

Confidence: 95%, Severity: 90%

Malware HIGH
references/api-reference.md

This document is an actionable offensive playbook for enumerating and abusing Kerberos delegation (S4U and RBCD). While it contains defender-oriented detection pointers, the inclusion of exact commands to acquire or forge Kerberos tickets and to write RBCD attributes enables high-impact attacks (privilege escalation, lateral movement, persistent impersonation) if executed in an Active Directory environment. The text itself is not executable malware, but it materially facilitates severe compromise and should be treated as high-risk instructional material; distribution or execution in production environments without explicit, authorized testing controls is dangerous.

Confidence: 75%, Severity: 90%

Malware HIGH
references/workflows.md

This fragment is a high-risk, actionable description of Kerberos constrained delegation abuse and an SPN-modification technique to achieve domain escalation (DCSync). It is not executable code, so there are no immediate code-level indicators (secrets, network calls, obfuscation), but the operational guidance can enable full domain compromise by a malicious actor with sufficient access. Treat presence of such instructions as sensitive: restrict access, add clear research/lab labeling and mitigations, or remove if not appropriate for the repository's audience.

Confidence: 75%, Severity: 95%

Audit Metadata
Analyzed At: Apr 6, 2026, 11:51 AM
Package URL: pkg:socket/skills-sh/mukul975%2FAnthropic-Cybersecurity-Skills%2Fexploiting-constrained-delegation-abuse%2F@1609a769f777151ea66df14dcb20fe8d176a06cc