cobalt-strike

Fail

Audited by Socket on May 9, 2026

3 alerts found:

Alert types: Security (1), Malware (2)

Security: MEDIUM
SKILL.md

This skill is not ordinary development or operations guidance; it is a complete offensive C2 and post-exploitation manual written for AI agents. The installation source itself is not the main problem. The core risk is that it systematically supplies credential theft, lateral movement, covert communication, and detection-evasion capabilities that can be used directly in real intrusion operations. It should be classified as a high-risk, abusable offensive-security skill rather than as confirmed malware.

Confidence: 94%, Severity: 96%

Malware: HIGH
references/aggressor-scripting.md

Highly suspicious from a supply-chain cybersecurity perspective. This artifact is a Cobalt Strike Aggressor Script guide containing multiple actionable offensive workflows: remote execution primitives, privilege escalation and WMI lateral movement patterns, payload/stager generation and deployment, artifact writing, and an explicit webhook-based exfiltration/notification example transmitting internal/external host and user/computer metadata. It also demonstrates insecure handling of password-like dialog inputs by printing them to logs/UI. No obfuscation is evident; the risk is functional capability and operational misuse potential.

Confidence: 68%, Severity: 92%

Malware: HIGH
references/beacon-operations.md

The provided content is an attacker operational playbook for Cobalt Strike Beacon, explicitly covering credential theft (including DCSync), token/ticket abuse (including golden tickets and Pass-the-Hash), surveillance (keylogging/screenshots), lateral movement (psexec/WinRM/WMI and service/task deployment), and pivoting via C2 routing. As a dependency artifact, it would represent an extremely high misuse/compromise facilitation risk. Treat any package containing this material as malicious or unacceptable without strong provenance, isolation, and content controls.

Confidence: 86%, Severity: 100%
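The three findings above all turn on the same question: does a skill's markdown carry operational offensive capability (DCSync, golden tickets, Pass-the-Hash, psexec/WinRM/WMI, keylogging, webhook exfiltration, secrets echoed to logs) rather than benign tooling guidance? The "content controls" the last finding asks for can be a pre-install gate that scans every file for those indicator families and fails the package when a file hits several of them. The script below is an added example of such a gate; it is not Socket's scanner, and its category names, regexes, thresholds and sample files are this example's own constructed assumptions, not the audited package's contents.

```python
"""Pre-install content control for agent 'skill' packages (added example).

Scans the markdown files of a skill for indicator families of offensive
tradecraft and fails the package when any single file hits enough of them.
The categories, patterns and thresholds are this example's own policy
choices (assumptions), not Socket's scoring model.
"""
import re
from typing import Dict, List, Tuple

# Indicator families: each value is a list of case-insensitive regexes.
CAPABILITY_PATTERNS: Dict[str, List[str]] = {
    "credential_theft": [r"\bdcsync\b", r"\bmimikatz\b", r"\blogonpasswords\b"],
    "ticket_token_abuse": [r"golden[\s-]*ticket", r"pass[\s-]*the[\s-]*hash",
                           r"\bsteal_token\b"],
    "lateral_movement": [r"\bpsexec\b", r"\bwinrm\b", r"\bwmi\b", r"\bjump\b"],
    "surveillance": [r"\bkeylog", r"\bscreenshot"],
    "exfil_webhook": [r"\bwebhook\b", r"\bexfil"],
    # a password read from a dialog and written straight to a log/console
    "secret_to_log": [r"\bpassword\b[^.\n]*\b(?:print|println|log)\b"],
}
_COMPILED = {cat: [re.compile(p, re.IGNORECASE) for p in pats]
             for cat, pats in CAPABILITY_PATTERNS.items()}


def scan_text(text: str) -> Dict[str, List[str]]:
    """Return {category: [matched strings]} for every category with a hit."""
    hits: Dict[str, List[str]] = {}
    for cat, regexes in _COMPILED.items():
        found = [m.group(0) for rx in regexes for m in rx.finditer(text)]
        if found:
            hits[cat] = found
    return hits


def rate_hits(hits: Dict[str, List[str]]) -> str:
    """Policy (assumed): two or more families in one file is HIGH, one is MEDIUM."""
    n = len(hits)
    if n >= 2:
        return "HIGH"
    if n == 1:
        return "MEDIUM"
    return "none"


def audit_package(files: Dict[str, str]) -> Tuple[str, Dict[str, dict]]:
    """Audit every file; the package fails if any single file rates HIGH."""
    report: Dict[str, dict] = {}
    for path, text in sorted(files.items()):
        hits = scan_text(text)
        report[path] = {"rating": rate_hits(hits), "categories": sorted(hits)}
    verdict = "Fail" if any(r["rating"] == "HIGH" for r in report.values()) else "Pass"
    return verdict, report


# Constructed sample skill contents for the demo (not the audited package's files).
SAMPLE_FILES: Dict[str, str] = {
    "SKILL.md": (
        "# cobalt-strike\n"
        "Agent playbook: generate a Beacon, run dcsync against the DC, "
        "then psexec to the next host and keylog the session.\n"
    ),
    "references/aggressor-scripting.md": (
        "on beacon_initial { send a webhook notification with internal and "
        "external IP, user and computer name }\n"
        "Dialog example: read the password field and println it to the log.\n"
    ),
    "references/notes.md": "Formatting tips for the Beacon console output table.\n",
}

if __name__ == "__main__":
    verdict, report = audit_package(SAMPLE_FILES)
    print(verdict)
    for path, entry in report.items():
        print(f"{entry['rating']:6} {path} {entry['categories']}")
```

Run against the constructed sample, the gate fails the package because both SKILL.md and the Aggressor reference hit two or more families, while the formatting notes file rates "none". The point of the family-count threshold is that a single keyword (a page that merely mentions psexec) stays MEDIUM for human review; a file that chains credential theft, lateral movement and surveillance is an operational playbook and is blocked outright. Regex indicators are a floor, not a detector of obfuscated content, so treat a "Pass" as "nothing obvious" and still require provenance and isolation before installing third-party skills.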
Audit Metadata
Analyzed At: May 9, 2026, 08:30 AM
Package URL: pkg:socket/skills-sh/wgpsec%2FAboutSecurity%2Fcobalt-strike%2F@2fd4599413994353a93a29efce686aa7a9383b67