ad-delegation-attack

Pass

Audited by Gen Agent Trust Hub on May 8, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: Provides a comprehensive set of command-line instructions for utilizing external security tools such as impacket scripts, Rubeus.exe, and coercer to perform complex Active Directory attacks.
  • [DATA_EXFILTRATION]: Describes procedures for extracting highly sensitive authentication material, including Kerberos Ticket Granting Tickets (TGTs) from system memory and dumping domain-wide credentials via DCSync.
  • [COMMAND_EXECUTION]: Includes playbooks for triggering 'forced authentication' from remote systems (e.g., Domain Controllers) using tools like PetitPotam and SpoolSample to intercept authentication requests.
  • [DATA_EXFILTRATION]: Details the manipulation of sensitive Kerberos attributes and the conversion/reuse of captured tickets to impersonate administrative users for privilege escalation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 8, 2026, 03:43 AM