home/categories/debugging/mukul975-anthropic-cybersecurity-skills-skills-performing-active-directory-compromise-investigation-skill-md
debuggingtools
performing-active-directory-compromise-investigation
Investigate Active Directory compromise by analyzing authentication logs, replication metadata, Group Policy changes, and Kerberos ticket anomalies to identify attacker persistence and lateral movement paths.
maintainer
mukul975
Updated 4/6/2026
Stars
4240
Forks
464
quick start
Installation and usage
Investigate Active Directory compromise by analyzing authentication logs, replication metadata, Group Policy changes, and Kerberos ticket anomalies to identify attacker persistence and lateral movement paths.
Installation
$ install --globalskills.sh
Usage
Once installed, you can use this skill by running the following command in your terminal:
skills use performing-active-directory-compromise-investigation