
from decepticon 4,341
Playbook and workflows for Active Directory offensive operations: BloodHound ingestion, Kerberoasting, ADCS ESC scanning, DCSync and LAPS extraction.
This skill collects and documents a set of Active Directory offensive playbooks and workflows used by red-team automation agents. It provides step-by-step guidance for ingesting BloodHound data, identifying Kerberoast and AS-REP targets, auditing ADCS templates, performing DCSync checks, and extracting LAPS secrets. The content is aimed at automated attack-chain planning and tooling integration.
Use this skill when planning or automating Active Directory post-exploitation or red-team operations that require enumerating domain relationships, identifying privileges and sensitive principals, or preparing Kerberoasting/AS-REP campaigns. It activates on AD-focused tasks such as "run BloodHound ingest", "find Kerberoast targets", or "check for DCSync-prone principals."
Likely compatible with red-team/automation agents that expose shell and scripting tools (bash, Certipy, BloodHound ingest). Compatible agent types: autonomous hacking agents, CLI-based LLM agents, and tools that can call system commands.
AD offensive operations overview skill from the Decepticon red team framework. Catalog-style SKILL.md routing to sub-skills (BloodHound, Kerberoasting, ADCS, DCSync, LAPS). No scripts bundled; the source path in the DB (skills/ad/SKILL.md) no longer exists at that location and has moved to packages/decepticon/decepticon/skills/standard/ad/SKILL.md. Well-structured for its niche but narrowly useful.
Red team/offensive security skill: not malicious per se, but it instructs agents to perform AD attacks (DCSync, Kerberoasting, privilege escalation). No standard malicious patterns (no curl|bash, no exfiltration of agent user data, no hardcoded creds). Professional tool for authorized pentesting. Niche audience.
Scanner Skill — Decepticon
High-volume codebase scanner that shards work, ranks suspicious locations, and promotes a concise set of candidates for deeper analysis.
APT29 (Cozy Bear) Adversary Emulation Profile
Adversary-emulation profile that maps APT29 (Cozy Bear) ATT&CK TTPs to Decepticon tooling for realistic, cloud- and identity-focused red-team exercises.
Web Recon — Web Application Reconnaissance Hub
Directory, vhost and API enumeration hub with CMS scanning, WAF detection, auth mapping and cookie auditing — a reconnaissance orchestration skillset.
T5 — Model & API Exploitation
Techniques to probe and exploit LLM APIs: rate-limit abuse, token-cost amplification, schema bypass, model-version manipulation, and related probes.
DAO Governance Attack
Techniques and reconnaissance steps for attacking or testing DAO governance: flash-loan voting, delegation hijack, quorum dilution, proposal spam, time-lock byp