Claims
Extract DPAPI-protected secrets (credentials, browser data, vaults) from Windows systems using tools like SharpDPAPI, Mimikatz, and Impacket. It supports online, offline (password/hash), and domain-wide (backup key) decryption paths.
Actual behavior
The skill manifest describes a standard, well-documented red-teaming workflow for credential access. It references established, reputable tools (GhostPack, Gentilkiwi, Impacket) and standard Windows directories. The workflow involves running specific commands (`triage`, `masterkeys`) to decrypt data in place or output results. There are no scripts provided in the snippet that execute arbitrary code or send data to external endpoints. The legal notice and MITRE mapping add context without altering the core function.
No non-informational findings.