disk-forensics-evasion
Fail
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: HIGH
COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs on techniques for executing remote payloads directly from external URLs without writing to disk, such as piping curl output into bash and using Python or Perl to fetch and execute scripts.
- [COMMAND_EXECUTION]: Provides instructions for destructive system operations aimed at concealing activity, including deleting all Volume Shadow Copies using vssadmin, clearing Windows Security, System, and Application logs via wevtutil, and deleting the NTFS USN Journal.
- [DATA_EXFILTRATION]: Detailed guidance is provided on accessing and extracting sensitive artifacts such as /etc/shadow, SSH keys, AWS credentials, and registry hives containing execution metadata.
- [COMMAND_EXECUTION]: Documentation includes methods for manipulating file system timestamps (atime, mtime, ctime) and disabling shell command history to thwart forensic analysis.
Recommendations
- AI detected serious security threats
Audit Metadata