ad-trust-attack

Fail

Audited by Gen Agent Trust Hub on May 9, 2026

Risk Level: HIGH
Threat categories: COMMAND_EXECUTION, DATA_EXFILTRATION, REMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides numerous command-line templates for network and Active Directory exploitation tools, including ldeep, NetExec, Rubeus, mimikatz, and lookupsid.py. These commands are designed to enumerate and exploit trust relationships.
  • [DATA_EXFILTRATION]: The skill contains explicit instructions to use secretsdump.py and mimikatz to harvest sensitive cryptographic material such as krbtgt NTLM/AES256 hashes and Kerberos trust keys. This data is sufficient to forge Golden Tickets and gain full control over the AD forest.
  • [REMOTE_CODE_EXECUTION]: The instructions include methods for executing code on remote parent domain controllers. Specifically, they cover raiseChild.py with the -target-exec flag, psexec.py -k, and the use of MSSQL xp_cmdshell to run arbitrary system commands on linked database servers.
  • [PRIVILEGE_ESCALATION]: The primary purpose of the skill is to facilitate lateral movement and privilege escalation. It documents how to bypass SID filtering and inject the Enterprise Admins SID (-519) into forged Kerberos tickets to gain administrative rights over a forest root domain.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
May 9, 2026, 08:28 AM