ad-persistence

Warn

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides specific command-line syntax for creating backdoors using standard Windows utilities like schtasks, reg, and sc. These allow for code execution at system startup or on a recurring schedule.
  • [COMMAND_EXECUTION]: It includes procedures for using offensive tools such as Mimikatz and Rubeus to perform advanced domain-level attacks, including Skeleton Key memory injection and Golden Ticket forgery, which facilitate persistent high-privileged access.
  • [DATA_EXFILTRATION]: Instructions are provided for extracting critical domain credentials, such as krbtgt hashes and DSRM administrator hashes, which can be used to bypass authentication mechanisms indefinitely.
  • [REMOTE_CODE_EXECUTION]: The skill documents methods for executing arbitrary payloads through persistence triggers like WMI event subscriptions and COM hijacking, often utilizing PowerShell commands to deliver remote code.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 9, 2026, 08:28 AM