dreadnode · l50 · Apr 23, 2026 · Apr 22, 2026 · Apr 22, 2026 · Apr 22, 2026
@@ -25,6 +25,7 @@ if [ -n "$_blue_model" ] && [ "$_blue_model" = "${_blue_model#__}" ]; then
 fi
 export ARES_DEPLOYMENT='__ARES_DEPLOYMENT__'
 export ARES_CONFIG=/etc/ares/config.yaml
+export ARES_MAX_CONCURRENT_TASKS=16
 _otel_endpoint='__OTEL_TRACES_ENDPOINT__'
 if [ -n "$_otel_endpoint" ] && [ "$_otel_endpoint" = "${_otel_endpoint#__}" ]; then
   export OTEL_EXPORTER_OTLP_TRACES_ENDPOINT="$_otel_endpoint"

@@ -194,6 +194,7 @@ Install and configure privilege escalation tools for Ares agents
 - **Clone SCMUACBypass from GitHub** (ansible.builtin.git) - Conditional
 - **Clone noPac from GitHub** (ansible.builtin.git) - Conditional
 - **Create virtual environment for noPac** (ansible.builtin.command) - Conditional
+- **Install setuptools in noPac venv (provides pkg_resources)** (ansible.builtin.pip) - Conditional
 - **Install noPac dependencies in venv** (ansible.builtin.pip) - Conditional
 - **Create wrapper script for noPac** (ansible.builtin.copy) - Conditional
 - **Clone PrintNightmare from GitHub** (ansible.builtin.git) - Conditional

@@ -297,6 +297,13 @@
     creates: "{{ privesc_tools_nopac_install_dir }}/venv"
   when: privesc_tools_install_nopac
 
+- name: Install setuptools in noPac venv (provides pkg_resources)
+  ansible.builtin.pip:
+    name: setuptools
+    virtualenv: "{{ privesc_tools_nopac_install_dir }}/venv"
+  become: true
+  when: privesc_tools_install_nopac
+
 - name: Install noPac dependencies in venv
   ansible.builtin.pip:
     requirements: "{{ privesc_tools_nopac_install_dir }}/requirements.txt"

@@ -11,6 +11,10 @@ use super::lateral::{
 use super::names::{get_technique_name, pyramid_level_name};
 use ares_core::models::{Credential, Host, Share, SharedRedTeamState};
 
+// ---------------------------------------------------------------------------
+// names
+// ---------------------------------------------------------------------------
+
 #[test]
 fn get_technique_name_known() {
     assert_eq!(get_technique_name("T1046"), "Network Service Discovery");
@@ -46,6 +50,10 @@ fn pyramid_level_name_unknown() {
     assert_eq!(pyramid_level_name(255), "Unknown");
 }
 
+// ---------------------------------------------------------------------------
+// builders (router)
+// ---------------------------------------------------------------------------
+
 #[test]
 fn build_technique_detections_known_techniques() {
     let state = SharedRedTeamState::new("test-op".to_string());
@@ -199,6 +207,10 @@ fn build_technique_detections_all_kerberos_techniques() {
     }
 }
 
+// ---------------------------------------------------------------------------
+// lateral.rs — direct builder tests
+// ---------------------------------------------------------------------------
+
 #[test]
 fn build_t1021_empty_state() {
     let state = SharedRedTeamState::new("test-op".to_string());
@@ -398,6 +410,10 @@ fn build_t1046_populated_hosts() {
     assert_eq!(det.targets, vec!["192.168.58.5".to_string()]);
 }
 
+// ---------------------------------------------------------------------------
+// credential.rs — direct builder tests
+// ---------------------------------------------------------------------------
+
 #[test]
 fn build_t1003_empty_state() {
     let state = SharedRedTeamState::new("test-op".to_string());
@@ -600,6 +616,10 @@ fn build_t1110_properties() {
     assert!(!det.detection_queries[0].expected_evidence.is_empty());
 }
 
+// ---------------------------------------------------------------------------
+// kerberos.rs — direct builder tests
+// ---------------------------------------------------------------------------
+
 #[test]
 fn build_t1558_properties() {
     let start = Utc::now() - chrono::Duration::hours(1);
@@ -637,6 +657,10 @@ fn build_t1558_001_properties() {
         .any(|e| e.to_lowercase().contains("krbtgt")));
 }
 
+// ---------------------------------------------------------------------------
+// time window plumbing
+// ---------------------------------------------------------------------------
+
 #[test]
 fn detection_query_time_window_is_set() {
     let state = SharedRedTeamState::new("test-op".to_string());

@@ -422,10 +422,12 @@ fn print_attack_path(timeline_events: &[serde_json::Value]) {
             .and_then(|v| v.as_str())
             .unwrap_or("unknown event");
 
+        let already_critical = description.starts_with("CRITICAL:");
         let desc_lower = description.to_lowercase();
-        let is_critical = desc_lower.contains("krbtgt")
-            || (desc_lower.contains("administrator") && desc_lower.contains("hash"))
-            || desc_lower.contains("domain admin");
+        let is_critical = !already_critical
+            && (desc_lower.contains("krbtgt")
+                || (desc_lower.contains("administrator") && desc_lower.contains("hash"))
+                || desc_lower.contains("domain admin"));
         let prefix = if is_critical { "CRITICAL: " } else { "" };
 
         let mitre = extract_mitre_from_event(event);

@@ -174,6 +174,8 @@ mod tests {
     use super::*;
     use serde_json::json;
 
+    // --- extract_chain_steps ---
+
     #[test]
     fn extract_chain_steps_from_array() {
         let chain = json!([{"source": "a"}, {"source": "b"}]);
@@ -213,6 +215,8 @@ mod tests {
         assert!(extract_chain_steps(&chain).is_none());
     }
 
+    // --- extract_source_user ---
+
     #[test]
     fn extract_source_user_from_source_key() {
         let step = json!({"source": "admin"});
@@ -249,6 +253,8 @@ mod tests {
         assert_eq!(extract_source_user(&step), "");
     }
 
+    // --- extract_source_domain ---
+
     #[test]
     fn extract_source_domain_from_source_domain_key() {
         let step = json!({"source_domain": "contoso.local"});
@@ -279,6 +285,8 @@ mod tests {
         assert_eq!(extract_source_domain(&step), "");
     }
 
+    // --- acl_step_dedup_key ---
+
     #[test]
     fn acl_step_dedup_key_basic() {
         assert_eq!(acl_step_dedup_key(0, 0), "chain:0:step:0");