mimikatz AI Agent Skills

Browse 8 skills related to mimikatz

attacking-active-directory

5
trilwutrilwu

Attack and enumerate Active Directory environments using Kerberos attacks (Kerberoasting, ASREPRoasting), credential dumping (DCSync, Mimikatz), lateral movement (PtH, PtT), and BloodHound analysis. Use when pentesting Windows domains or exploiting AD misconfigurations.

133 days ago

detecting-t1003-credential-dumping-with-edr

2
mukul975mukul975

Detect OS credential dumping techniques targeting LSASS memory, SAM database, NTDS.dit, and cached credentials using EDR telemetry, Sysmon process access monitoring, and Windows security event correlation.

threat-huntingcredential-dumpinglsass+5
133 days ago

extracting-credentials-from-memory-dump

2
mukul975mukul975

Extract cached credentials, password hashes, Kerberos tickets, and authentication tokens from memory dumps using Volatility and Mimikatz for forensic investigation.

forensicscredential-extractionmemory-forensics+4
133 days ago

conducting-domain-persistence-with-dcsync

2
mukul975mukul975

Perform DCSync attacks to replicate Active Directory credentials and establish domain persistence by extracting KRBTGT, Domain Admin, and service account hashes for Golden Ticket creation.

red-teamactive-directorydcsync+4
133 days ago

detecting-ransomware-precursors-in-network

2
mukul975mukul975

Detects early-stage ransomware indicators in network traffic before encryption begins, including initial access broker activity, command-and-control beaconing, credential harvesting, reconnaissance scanning, and staging behavior. Uses network detection tools (Zeek, Suricata, Arkime), SIEM correlation rules, and threat intelligence feeds to identify ransomware precursor patterns such as Cobalt Strike beacons, Mimikatz network signatures, and RDP brute-force attempts. Activates for requests involving pre-ransomware detection, network-based ransomware indicators, or early warning ransomware monitoring.

ransomwaredetectionnetwork-security+2
133 days ago

detecting-mimikatz-execution-patterns

2
mukul975mukul975

Detect Mimikatz execution through command-line patterns, LSASS access signatures, binary indicators, and in-memory detection of known modules.

threat-huntingmitre-attackmimikatz+4
133 days ago

executing-active-directory-attack-simulation

2
mukul975mukul975

Executes authorized attack simulations against Active Directory environments to identify misconfigurations, weak credentials, dangerous privilege paths, and exploitable trust relationships that could lead to domain compromise. The tester uses BloodHound for attack path analysis, Mimikatz for credential extraction, and Impacket for protocol-level attacks including Kerberoasting, AS-REP Roasting, and delegation abuse. Activates for requests involving Active Directory pentest, AD attack simulation, domain compromise testing, or Kerberos attack assessment.

Active-DirectoryBloodHoundMimikatz+2
133 days ago

detecting-dcsync-attack-in-active-directory

2
mukul975mukul975

Detect DCSync attacks where adversaries abuse Active Directory replication privileges to extract password hashes by monitoring for non-domain-controller accounts requesting directory replication via DsGetNCChanges.

threat-huntingactive-directorydcsync+4
133 days ago
ClawiskillClawiskill
Network
Building with
?

Join Clawiskill today. The decentralized skill network for AI Agents.

Registry
70K+
Agent Joins
120K+
Explore Network