Anthropic-Cybersecurity-Skills/skills/performing-privileged-account-discovery/references/api-reference.md
mukul975 c21af3347e Complete folder anatomy for all 649 cybersecurity skills + update LICENSE to Mahipal
- Add scripts/agent.py and references/api-reference.md to all remaining skills
- Update all 648 LICENSE files: copyright now reads 'Mahipal'
- Add implementing-security-monitoring-with-datadog (new skill with full anatomy)
- All 649 skills now have: SKILL.md, LICENSE, scripts/agent.py, references/api-reference.md
2026-03-11 00:22:12 +01:00

Privileged Account Discovery — API Reference

ldap3 Library

Python LDAP client used for querying Active Directory.

Connection Setup

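```python
from ldap3 import Server, Connection, ALL, SUBTREE
# LDAPS keeps the bind credentials and query results encrypted in transit.
server = Server("ldaps://dc.example.com", get_info=ALL, use_ssl=True)
# The backslash is doubled so Python does not parse "\u" as a unicode escape.
conn = Connection(server, user="DOMAIN\\user", password="pass", auto_bind=True)
```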

Key Search Filters

| Purpose | LDAP Filter |
|---|---|
| Privileged group | `(&(objectClass=group)(cn=Domain Admins))` |
| Nested membership | `(memberOf:1.2.840.113556.1.4.1941:=<group_dn>)` |
| Service accounts | `(&(objectClass=user)(servicePrincipalName=*))` |
| AdminCount flag | `(&(objectClass=user)(adminCount=1))` |
| Disabled accounts | `(&(objectClass=user)(userAccountControl:1.2.840.113556.1.4.803:=2))` |

LDAP Matching Rules (OIDs)

  • 1.2.840.113556.1.4.1941: LDAP_MATCHING_RULE_IN_CHAIN (recursive group membership)
  • 1.2.840.113556.1.4.803: LDAP_MATCHING_RULE_BIT_AND (bitwise AND for UAC flags)

UserAccountControl Flags

| Flag | Hex | Description |
|---|---|---|
| ACCOUNTDISABLE | 0x0002 | Account is disabled |
| PASSWD_NOTREQD | 0x0020 | No password required |
| DONT_EXPIRE_PASSWORD | 0x10000 | Password never expires |
| NOT_DELEGATED | 0x100000 | Account is sensitive for delegation |
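
The filters and flags above combined into an audit step, as an added example that is not code from this repository: it builds the nested-membership filter with RFC 4515 escaping of the group DN and decodes `userAccountControl` into hygiene findings. The helper names, the finding wording, the audit policy and the sample entries are assumptions constructed for illustration.

```python
# Added example: hypothetical helper names, constructed sample entries.
IN_CHAIN = "1.2.840.113556.1.4.1941"  # LDAP_MATCHING_RULE_IN_CHAIN
UAC_FLAGS = {
    "ACCOUNTDISABLE": 0x0002,
    "PASSWD_NOTREQD": 0x0020,
    "DONT_EXPIRE_PASSWORD": 0x10000,
    "NOT_DELEGATED": 0x100000,
}

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a DN cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def nested_members_filter(group_dn):
    """Users that belong to group_dn directly or through nested groups."""
    return "(&(objectClass=user)(memberOf:%s:=%s))" % (
        IN_CHAIN, escape_filter_value(group_dn))

def decode_uac(value):
    """Names of the flags from the table that are set in userAccountControl."""
    return [name for name, bit in UAC_FLAGS.items() if int(value) & bit]

def audit(entries):
    """Return hygiene findings for accounts already known to be privileged."""
    findings = []
    for entry in entries:
        flags = decode_uac(entry["userAccountControl"])
        issues = []
        if "PASSWD_NOTREQD" in flags:
            issues.append("no password required")
        if "DONT_EXPIRE_PASSWORD" in flags:
            issues.append("password never expires")
        if "ACCOUNTDISABLE" in flags:
            issues.append("disabled but still privileged")
        if "NOT_DELEGATED" not in flags:  # assumed policy for admin accounts
            issues.append("not marked sensitive for delegation")
        if issues:
            findings.append({"username": entry["username"], "issues": issues})
    return findings

# Constructed sample data; 512 (0x200) is the NORMAL_ACCOUNT bit.
SAMPLE = [
    {"username": "oldadmin", "userAccountControl": 66050},      # 0x10202
    {"username": "svc_sql", "userAccountControl": 544},         # 0x220
    {"username": "tier0admin", "userAccountControl": 1049088},  # 0x100200
]

if __name__ == "__main__":
    print(nested_members_filter("CN=Admins (Tier 0),OU=Groups,DC=example,DC=com"))
    for finding in audit(SAMPLE):
        print(finding)
```

With ldap3, the string returned by `nested_members_filter` is what would be passed as the search filter to `conn.search` with `SUBTREE` scope.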

Default Privileged Groups

Domain Admins, Enterprise Admins, Schema Admins, Administrators, Account Operators, Backup Operators, Server Operators, Print Operators, DnsAdmins.

Output Schema

```json
{
  "report": "privileged_account_discovery",
  "domain": "DC=example,DC=com",
  "privileged_groups": [{"group": "Domain Admins", "member_count": 5, "members": []}],
  "service_accounts": [{"username": "svc_sql", "spns": ["MSSQLSvc/db01:1433"]}],
  "admin_count_users": ["oldadmin", "testuser"]
}
```

CLI Usage

```bash
python agent.py --server ldaps://dc.example.com --username "DOMAIN\analyst" --password "pass" --output report.json
```