ad-attacks

Fail

Audited by Snyk on May 10, 2026

Risk Level: CRITICAL
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt includes many commands that embed passwords, API-like secrets, and hashes directly (e.g., -p "$PASS", -U "$DOMAIN/$USER:$PASS", literal "NewPass123!" and "Winter2025!"), so an agent would need to handle and output secret values verbatim in generated commands—creating a high exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This document is an explicit offensive Active Directory playbook containing step‑by‑step commands and techniques for credential theft (AS‑REP/Kerberoast/secretsdump), privilege escalation (ACE/DACL abuse, RBCD, DCSync), lateral movement, certificate‑based escalation (ADCS ESC1–8), and persistence (Golden Tickets, GPO startup scripts), and therefore is deliberately malicious and enables full domain compromise.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • E006 (CRITICAL): Malicious code pattern detected in skill scripts.

Audit Metadata
Risk Level: CRITICAL
Analyzed: May 10, 2026, 07:58 AM
Issues: 2