Summary
This covers the full spectrum of getting your initial foothold during red team engagements, from phishing campaigns to exploiting exposed services. You get concrete payload delivery methods (HTML smuggling, ISO/IMG containers for MOTW bypass, OneNote embedding), credential stuffing patterns against O365 and VPN portals, and modern social engineering like ClickFix fake CAPTCHAs. The staged payload architecture is smart: lightweight loader to minimal implant to full C2, with clear OPSEC guidance on domain warming and infrastructure separation. Honestly, the DLL sideloading section with specific targets like Teams and OneDrive is immediately actionable. Note that some techniques like ISO MOTW bypass are patched in Windows 11 22H2+, so you'll need to adjust for newer targets.
Install to Claude Code
npx -y skills add hypnguyen1209/offensive-claude --skill initial-access --agent claude-codeInstalls into .claude/skills of the current project.
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →
Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →Files
SKILL.md
Select a file.
Featured
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →
