Skill Trust Index / detail

mukul975/Anthropic-Cybersecurity-Skills/abusing-shadow-credentials-for-privesc

Score: 95 · trusted · analyzed 2h ago
WHY THIS SCORE

Claims

The skill claims to enable privilege escalation in Active Directory by abusing Shadow Credentials. It specifically claims to write alternate certificate keys to the `msDS-KeyCredentialLink` attribute using tools like pyWhisker, Whisker, and Certipy, and then authenticate via PKINIT to achieve account takeover without resetting the password.

Actual behavior

The skill provides a structured workflow and bash commands to: 1) List existing credentials, 2) Add a shadow credential (writing to AD), 3) Request a TGT via PKINIT, 4) Extract the NT hash, and 5) Clean up. The code snippets are standard, safe CLI invocations of well-known security tools (pyWhisker, Certipy, PKINITtools). It does not execute arbitrary code, does not exfiltrate secrets to external endpoints (it uses local files/ccaches), and the operations are reversible (cleanup step).

Findings

No non-informational findings.

Attestation

signer 0xB62e1c338a83D3a6621f9127eEa5B000caCfCd01
digest 0xadd62a7e2729dc4cc69be977ab5ae0d72245bfd562e273ae0d3c3b78781ad83d
verify: GET /skill/verify?digest=…&signature=… · scheme eip191-sha256
