ad-delegation-attack

Fail

Audited by Socket on May 8, 2026

4 alerts found:

Security x2, Malware x2

Security: MEDIUM
SKILL.md

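This skill matches its stated purpose, but the stated purpose itself is offensive domain penetration and delegation abuse. No obvious third-party credential relaying or suspicious installation chain was observed, and the indications of malware are not strong; however, its core capability is to provide an AI agent with high-risk attack, credential acquisition and lateral movement workflows, so it should be classified as a high-risk skill that can be abused for unauthorized intrusion.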

Confidence: 96%, Severity: 95%

Security: MEDIUM
references/constrained-delegation.md

This “code fragment” is an offensive Kerberos constrained delegation abuse playbook, complete with actionable impacket/Rubeus command patterns and altservice ticket manipulation guidance. There is no evidence of classic supply-chain malware behaviors (no direct code-level exfiltration/persistence in the provided text), but the content is highly operational and facilitates unauthorized impersonation and lateral movement. If found inside a package, it should be treated as a high-risk, intent-signaling artifact and reviewed/removed.

Confidence: 75%, Severity: 82%

Malware: HIGH
references/rbcd-attack.md

This fragment is an explicit Active Directory exploitation playbook for RBCD abuse: it instructs how to modify high-impact AD delegation settings, obtain Kerberos impersonation tickets (S4U), use them for credential dumping and remote execution, optionally perform Shadow Credentials injection, and perform thorough cleanup to evade detection. If present in or distributed with a software dependency, it represents a severe security risk aligned with malicious intrusion activity rather than legitimate functionality.

Confidence: 82%, Severity: 100%

Malware: HIGH
references/unconstrained-delegation.md

This fragment is high-confidence malicious content: it is a weaponized Active Directory exploitation playbook that instructs coercing authentication to an unconstrained delegation host, extracting Kerberos TGTs from LSASS, injecting them via pass-the-ticket, and performing DCSync/replication-based credential dumping. If present in a dependency or package, it represents extreme supply-chain security risk and should be treated as credential theft/domain compromise guidance.

Confidence: 90%, Severity: 100%

Audit Metadata
Analyzed At: May 8, 2026, 03:45 AM
Package URL: pkg:socket/skills-sh/wgpsec%2FAboutSecurity%2Fad-delegation-attack%2F@eefa9371b0e099d27e6fd517caaacbe2a7d46dd0