creator/Anthropic-Cybersecurity-Skills
1
0
Fork 0
mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-15 07:24:56 +03:00
Code Issues Packages Projects Releases Wiki Activity
Files
d5f3fa32486ea335db802d68fe2147fa2da69583
Anthropic-Cybersecurity-Skills/skills/performing-active-directory-forest-trust-attack/SKILL.md
T
mukul975 efca3ec611 feat: add NIST CSF 2.0 nist_csf field to all 754 cybersecurity skills 
Mapped every skill to NIST CSF 2.0 subcategory IDs (GV/ID/PR/DE/RS/RC functions)
based on subdomain and content analysis. Restores 11 skills corrupted during
prior rebase, re-enriching with ATLAS, D3FEND, NIST AI RMF, and CSF 2.0 fields.

All 754 skills now carry structured mappings for all 5 security frameworks:
- MITRE ATT&CK (in tags)
- MITRE ATLAS v5.5 (atlas_techniques)
- MITRE D3FEND v1.3 (d3fend_techniques)
- NIST AI RMF 1.0 (nist_ai_rmf)
- NIST CSF 2.0 (nist_csf)
2026-04-06 11:17:40 +02:00

2.4 KiB
Raw Blame History

name, description, domain, subdomain, tags, version, author, license, nist_csf
name description domain subdomain tags version author license nist_csf
performing-active-directory-forest-trust-attack Enumerate and audit Active Directory forest trust relationships using impacket for SID filtering analysis, trust key extraction, cross-forest SID history abuse detection, and inter-realm Kerberos ticket assessment. cybersecurity red-team
active-directory
forest-trust
impacket
SID-filtering
kerberos
red-team
trust-enumeration
1.0 mahipal Apache-2.0
ID.RA-01
GV.OV-02
DE.AE-07

Performing Active Directory Forest Trust Attack

Overview

Active Directory forest trusts enable authentication across organizational boundaries but introduce attack surface if misconfigured. This skill uses impacket to enumerate trust relationships, analyze SID filtering configuration, detect SID history abuse vectors, perform cross-forest SID lookups via LSA/LSAT RPC calls, and assess inter-realm Kerberos ticket configurations for trust ticket forgery risks.

When to Use

  • When conducting security assessments that involve performing active directory forest trust attack
  • When following incident response procedures for related security events
  • When performing scheduled security testing or auditing activities
  • When validating security controls through hands-on testing

Prerequisites

  • Python 3.9+ with impacket, ldap3
  • Domain credentials with read access to AD trust objects
  • Network access to Domain Controllers (ports 389, 445, 88)
  • Authorized penetration testing engagement or lab environment

Legal Notice: This skill is for authorized security testing and educational purposes only. Unauthorized use against systems you do not own or have written permission to test is illegal and may violate computer fraud laws.

Steps

  1. Enumerate forest trust relationships via LDAP trusted domain objects
  2. Query trust attributes and SID filtering status for each trust
  3. Perform SID lookups across trust boundaries using LsarLookupNames3
  4. Enumerate foreign security principals in trusted domains
  5. Check for SID history on cross-forest accounts
  6. Assess trust direction and transitivity for lateral movement paths
  7. Generate trust security audit report with risk findings

Expected Output

  • JSON report listing all trust relationships, SID filtering status, foreign principals, trust direction/transitivity, and risk assessment
  • Cross-forest attack path analysis with remediation recommendations
Reference in New Issue View Git Blame Copy Permalink