relaying-ntlm-for-adcs-esc8

Fail

Audited by Snyk on Jun 25, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes examples and workflow steps that embed plaintext credentials on command lines (e.g., -p 'Password123!'), instructs capturing and echoing base64 certificates (sensitive secrets), and thus requires or encourages the LLM to handle and output secret values verbatim.

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). These are mostly legitimate security-research pages and GitHub repositories (Impacket, Certipy, PetitPotam, Coercer, SpecterOps/Dirk-jan blogs and PDFs, Apache license) rather than obscure/shortened executable hosting, but they host dual‑use offensive tooling and reference internal CA enrollment endpoints used in ESC8 — so while not classic malware-distribution links, they are high‑risk in that they can directly enable credential theft and domain compromise if used without authorization.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This repository and scripts intentionally orchestrate NTLM coercion and NTLM-relay to AD CS to capture a domain controller machine certificate, convert it to a Kerberos TGT/NT hash, and enable DCSync — a clear, high-risk credential theft and domain-compromise workflow usable for unauthorized takeover.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (medium risk: 0.65). The required runtime workflow runs scripts/agent.py, which executes ntlmrelayx --adcs and then ingests outsider-authored free text from the relay tool’s stdout (including the “Base64 certificate …” line) into the agent’s LLM context; that stdout is produced by an external network interaction with the CA/target and is not authored by the operating user.

Issues (4)

W007
HIGH

Insecure credential handling detected in skill instructions.

E005
CRITICAL

Suspicious download URL detected in skill instructions.

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 25, 2026, 06:48 PM
Issues
4
Security Audit — snyk — relaying-ntlm-for-adcs-esc8