exploiting-kerberoasting-with-impacket

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes multiple example commands and outputs that embed plaintext credentials and NTLM hashes directly (e.g., corp.local/jsmith:Password123, :aad3b435..., 'Summer2024!'), which requires the LLM to handle and potentially reproduce secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content contains explicit, step-by-step offensive techniques and scripts to perform Kerberoasting, extract and crack Kerberos TGS tickets, and then use cracked service account credentials for lateral movement and domain compromise (e.g., psexec, secretsdump), which are deliberate malicious actions enabling credential theft and complete AD takeover.