azure-hybrid-lateral
Audited by Socket on May 4, 2026
3 alerts found:
Alert types: Security, Malware (x2)
The skill's capabilities match its declared purpose closely, but that purpose is itself to give AI agents methods for attacking and moving laterally from the cloud into on-premises AD. The installation source is largely verifiable and the evidence of malicious distribution is weak; however, credential extraction, token forgery, backdoor installation and attack operations against real identity systems make it a high-risk offensive skill overall, which should be rated SUSPICIOUS rather than confirmed malware.
The provided “source code” is not benign software. It is an explicit offensive playbook instructing how to steal and reuse Azure Entra/AD authentication artifacts (PRT/refresh tokens/cookies/certificates/Kerberos trust-related material) to bypass authentication controls (including MFA/session-state bypass in described flows), impersonate users, obtain access tokens, and potentially escalate privileges. This should be treated as highly malicious and unsafe for distribution or inclusion in any legitimate dependency.
The supplied text is not a legitimate software dependency implementation; it is a detailed adversary playbook for hybrid identity compromise, including credential/hash theft, DCSync abuse, federation/SAML forgery, PTA interception/backdoor persistence, Entra Service Principal certificate persistence, and password synchronization DLL manipulation for data exfiltration. If present in a dependency/package, it represents an extreme supply-chain security concern and should be treated as malicious content/intent. The exact presence of executable malware cannot be confirmed from the excerpt alone, but the operational instructions are directly harmful.