ad-trust-attack
Audited by Socket on May 9, 2026
3 alerts found:
Malware (x3)
This fragment is an offensive, step-by-step cross-forest Active Directory compromise playbook covering multiple methods to forge/inject Kerberos tickets, capture TGTs via unconstrained delegation coercion, abuse MSSQL linked servers (including xp_cmdshell execution), and exploit cross-trust AD ACL/ownership to take control/reset privileged credentials. It is not benign software functionality and is highly likely to materially enable unauthorized intrusion if included in a dependency. Treat as a critical supply-chain security issue requiring removal and investigation.
This skill is not an ordinary administration or detection guide, but an offensive skill built specifically to have an AI agent carry out Active Directory domain trust attacks. Its stated purpose matches its capabilities, but what it actually does is ticket forgery, credential dumping, DCSync, cross-domain/cross-forest lateral movement and remote command execution; it also hands highly sensitive credentials directly to external tools. It should be rated a high-risk skill usable for unauthorized intrusion.
This fragment is an explicit AD Kerberos ticket forgery/privilege-escalation playbook (Golden/Diamond/Trust Tickets) that requires extracting high-value domain secrets (krbtgt/trust keys) and then uses forged/injected tickets to authenticate and perform privileged remote actions against the parent domain. It strongly indicates malicious intent and would be considered extremely dangerous if included in a software supply-chain artifact (documentation, scripts, or embedded payloads).