hunting-for-dcom-lateral-movement

Fail

Audited by Snyk on Jun 21, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). The document is dual-use but contains explicit offensive techniques (PowerShell attack simulations that instantiate DCOM objects to execute arbitrary commands remotely), references to offensive tooling (Impacket dcomexec, Cobalt Strike), and mentions of credential theft and encoded PowerShell — all of which enable remote code execution and lateral movement and can be directly abused.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes explicit instructions to deploy Sysmon configuration and to modify system state (e.g., running sysmon64.exe -c, changing HKLM registry keys, New-NetFirewallRule, Set-ItemProperty to disable DCOM and adjust RPC ports), all of which require administrative privileges and alter the host configuration, so it pushes the agent to perform privileged, state-changing operations.

Issues (2)

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jun 21, 2026, 04:04 PM
Issues
2
Security Audit — snyk — hunting-for-dcom-lateral-movement