post-exploit-windows

Fail

Audited by Socket on Apr 22, 2026

4 alerts found:

Security x1, Malware x3

Security (MEDIUM)
SKILL.md

This skill is not a general operations or forensics guide but a Windows post-exploitation manual aimed at AI agents; its core capabilities include privilege escalation, credential extraction, detection evasion, and domain reconnaissance. Its capabilities and stated purpose are consistent on the surface, but the purpose itself falls under high-risk offensive use; combined with dependencies on third-party attack tools and cross-skill extension, the package as a whole should be judged SUSPICIOUS with high security risk, rather than confirmed malware.

Confidence: 95% / Severity: 93%

Malware (HIGH)
references/windows-credential.md

This fragment is a clearly malicious/offensive playbook that instructs an operator how to harvest Windows credentials and perform Active Directory reconnaissance. It enumerates multiple high-value credential sources and provides explicit commands and tooling to extract secrets. If found in an open-source dependency, it constitutes a severe security and trust issue: the content facilitates credential theft and domain compromise and should be treated as malicious guidance. Remediation: remove the content, investigate repository history and authorship, audit for any accompanying automation that executes these commands, and consider revoking/rotating exposed credentials in environments where the package was used.

Confidence: 90% / Severity: 95%

Malware (HIGH)
evals/evals.json

High-risk malicious-use content. This file is a static dataset of explicit Windows post-exploitation/credential theft guidance (UAC bypass via HKCU + fodhelper.exe, token impersonation tool selection, and LSASS dumping via rundll32/comsvcs.dll MiniDump). While it contains no executable code in the snippet, it is directly actionable for offensive operations if consumed by an agent or used to generate commands.

Confidence: 86% / Severity: 100%

Malware (HIGH)
references/windows-privesc.md

This artifact is a highly actionable offensive Windows LPE/post-exploitation and persistence guide. It provides multiple exploitation paths (Potato variants, PrintSpoofer), UAC bypass staging, service and registry persistence abuse, DLL hijacking guidance, and example payload deployment including creation of an administrative backdoor account and reverse-shell MSI installation. As a supply-chain dependency, it represents an extreme security risk because it meaningfully facilitates unauthorized compromise and elevation on target systems.

Confidence: 84% / Severity: 100%

Audit Metadata

Analyzed At: Apr 22, 2026, 10:11 AM

Package URL: pkg:socket/skills-sh/wgpsec%2FAboutSecurity%2Fpost-exploit-windows%2F@57860b391235a29022586883b0e094b087bd9f99