Claims
The skill claims to enable privilege escalation in Active Directory by abusing Shadow Credentials. It specifically claims to write alternate certificate keys to the `msDS-KeyCredentialLink` attribute using tools like pyWhisker, Whisker, and Certipy, and then authenticate via PKINIT to achieve account takeover without resetting the password.
Actual behavior
The skill provides a structured workflow and bash commands to: 1) List existing credentials, 2) Add a shadow credential (writing to AD), 3) Request a TGT via PKINIT, 4) Extract the NT hash, and 5) Clean up. The code snippets are standard, safe CLI invocations of well-known security tools (pyWhisker, Certipy, PKINITtools). It does not execute arbitrary code, does not exfiltrate secrets to external endpoints (it uses local files/ccaches), and the operations are reversible (cleanup step).
No non-informational findings.