スキル active-directory-attacks
🛡️

active-directory-attacks

低リスク ⚙️ 外部コマンド🌐 ネットワークアクセス📁 ファイルシステムへのアクセス

Execute Active Directory penetration testing and red team assessments

Security teams need comprehensive reference material for authorized Active Directory assessments. This skill provides documented attack techniques and tool commands for penetration testers conducting red team operations.

対応: Claude Codex Code(CC)
⚠️ 67 貧弱
1

スキルZIPをダウンロード

2

Claudeでアップロード

設定 → 機能 → スキル → スキルをアップロードへ移動

3

オンにして利用開始

テストする

「active-directory-attacks」を使用しています。 Show me Kerberoasting commands for domain example.local

期待される結果:

  • Using Impacket from Linux: GetUserSPNs.py example.local/user:password -dc-ip 10.10.10.10 -request -outputfile hashes.txt
  • Using Rubeus from Windows: .\Rubeus.exe kerberoast /outfile:hashes.txt
  • Cracking with hashcat: hashcat -m 13100 hashes.txt rockyou.txt

「active-directory-attacks」を使用しています。 How do I perform a DCSync attack?

期待される結果:

  • DCSync requires Replicating Directory Changes rights. Using Impacket: secretsdump.py example.local/admin:password@10.10.10.10 -just-dc
  • Using Mimikatz: lsadump::dcsync /domain:example.local /user:krbtgt
  • This extracts all domain password hashes including krbtgt for Golden Ticket creation

セキュリティ監査

低リスク
v1 • 2/24/2026

This skill contains documentation and reference material for Active Directory penetration testing techniques. Static analysis flagged 200+ patterns (PowerShell commands, tool references, IP addresses) but all are FALSE POSITIVES - the files are markdown documentation, not executable code. Content describes legitimate security tools (BloodHound, Impacket, Mimikatz) used by penetration testers. Risk is LOW because: (1) files are read-only reference material, (2) no code execution occurs, (3) content is educational for authorized security testing. Recommend adding disclaimer about authorized use only.

2
スキャンされたファイル
772
解析された行数
9
検出結果
1
総監査数

高リスクの問題 (2)

SKILL.md:40SKILL.md:163-165
Static Analysis False Positives - Malware Tool References
Static scanner flagged Mimikatz and other security tool references as 'malware type keywords'. These are legitimate penetration testing tools documented for educational purposes, not actual malware distribution.
SKILL.md:85-106SKILL.md:176-180references/advanced-attacks.md:23-59
Static Analysis False Positives - PowerShell Commands
PowerShell invocation patterns flagged by static analysis are documentation examples in markdown code blocks, not executable code. These describe attack techniques for educational purposes.
中リスクの問題 (2)
SKILL.md:114-166references/advanced-attacks.md:18-195
Documentation Contains Attack Command Examples
The skill documents detailed attack commands for credential harvesting, Kerberos attacks, and lateral movement. While educational, this content could be misused without proper authorization context.
SKILL.md:56SKILL.md:80SKILL.md:200-206
Hardcoded IP Address Examples
Documentation contains example IP addresses (10.10.10.10, 10.10.10.12) as placeholders. These are instructional examples, not actual targets.
低リスクの問題 (2)
references/advanced-attacks.md:10references/advanced-attacks.md:344
References to Sensitive System Files
Documentation references Windows SAM database and registry paths in the context of explaining attack techniques. These are educational references, not actual file access attempts.
SKILL.md:193references/advanced-attacks.md:277
Weak Cryptography References
Documentation mentions RC4 and other weak algorithms in Kerberos attack contexts. These describe real-world vulnerabilities, not recommendations to use weak crypto.

リスク要因

⚙️ 外部コマンド (4)
SKILL.md:54-66 SKILL.md:70-81 SKILL.md:85-106 references/advanced-attacks.md:23-68
🌐 ネットワークアクセス (4)
SKILL.md:56 SKILL.md:80 SKILL.md:116-119 references/advanced-attacks.md:233
📁 ファイルシステムへのアクセス (2)
references/advanced-attacks.md:355-358 references/advanced-attacks.md:378

検出されたパターン

Credential Dumping CommandsKerberos Ticket Forgery
監査者: claude

品質スコア

41
アーキテクチャ
100
保守性
87
コンテンツ
50
コミュニティ
56
セキュリティ
91
仕様準拠

作れるもの

Red Team Assessment Planning

Security consultants preparing for authorized AD assessments use this skill to plan attack paths and select appropriate tools for engagement scope.

Blue Team Defense Research

Defensive security teams study attack techniques to understand adversary TTPs and improve detection rules for their SIEM and EDR platforms.

Security Training and Education

Instructors use documented techniques to teach students about AD vulnerabilities and proper remediation strategies in controlled lab environments.

これらのプロンプトを試す

Basic AD Reconnaissance 
I need to perform authorized Active Directory reconnaissance. What BloodHound commands should I use to enumerate domain users, groups, and computers? Target domain is example.local with credentials user:password.
Kerberoasting Attack 
Show me how to perform Kerberoasting against an Active Directory domain. Include commands for extracting TGS tickets with Impacket and cracking them with hashcat.
Lateral Movement Strategy 
I have compromised a low-privilege domain user. What are the recommended lateral movement techniques to escalate privileges? Compare pass-the-hash, overpass-the-hash, and delegation attacks.
Domain Dominance Planning 
Explain how to achieve domain dominance using DCSync and Golden Ticket attacks. Include the prerequisites, commands, and detection avoidance considerations for each technique.

ベストプラクティス

  • Always obtain written authorization before executing any AD attack techniques against production environments
  • Document all compromised accounts and accessed systems for client reporting and remediation guidance
  • Synchronize time with domain controller before Kerberos attacks to avoid clock skew failures
  • Use stealth techniques like user enumeration limits to avoid account lockouts during password spraying
  • Restore any modified system state (like ZeroLogon password changes) after testing completion

回避

  • Never execute attack commands against environments without explicit written authorization from the owner
  • Do not run aggressive password spraying that could lock out legitimate user accounts
  • Avoid leaving Golden Tickets or other persistence mechanisms without documenting them for removal
  • Do not modify production Active Directory objects, GPOs, or configurations without approval

よくある質問

Is this skill legal to use?
This skill provides educational documentation for security professionals. Only use these techniques against systems you own or have explicit written authorization to test. Unauthorized access to computer systems is illegal.
What tools do I need to execute these attacks?
Common tools include Impacket (Python), Mimikatz (Windows), Rubeus (Windows), BloodHound/SharpHound, CrackMapExec, and hashcat. Most are available on Kali Linux by default.
Can this skill automatically run attacks?
No. This skill provides reference documentation only. It does not execute any commands automatically. Users must manually run commands in their own environment.
What is the difference between Kerberoasting and AS-REP Roasting?
Kerberoasting targets service accounts with SPNs by requesting crackable TGS tickets. AS-REP Roasting targets user accounts with 'Do not require Kerberos preauthentication' enabled by requesting crackable AS-REP responses.
How do I detect these attacks in my environment?
Enable advanced audit policies for Kerberos authentication, monitor for unusual TGS requests, track DCSync patterns (replication traffic), and use BloodHound defensively to identify attack paths before adversaries do.
What is a Golden Ticket and why is it dangerous?
A Golden Ticket is a forged Kerberos TGT created with the krbtgt password hash. It grants persistent domain admin access that survives password changes. Detection requires monitoring for abnormal ticket lifetimes and encryption types.

開発者の詳細

作成者

sickn33

ライセンス

MIT

リポジトリ

https://github.com/sickn33/antigravity-awesome-skills/tree/main/skills/active-directory-attacks

参照

main

ファイル構成

📁 references/

📄 advanced-attacks.md

📄 SKILL.md