Summary
This is a reference guide for attacking Windows security boundaries during exploitation work. It covers the taxonomy from AppContainer up through VTL1, with practical examples for crossing kernel/user boundaries via win32k syscalls and IOCTL fuzzing, escaping browser sandboxes through Mojo IPC bugs, and abusing COM elevation for UAC bypasses. The boundary crossing chains are the most useful part, showing complete attack paths like browser renderer to SYSTEM or phishing to kernel via BYOVD. It assumes you already have initial access and need to understand which boundaries you're hitting and what primitives you need to cross them. More useful as a quick reference than a tutorial, but the diagrams and code snippets give you enough context to know what to research deeper.
Install to Claude Code
npx -y skills add hypnguyen1209/offensive-claude --skill windows-boundaries --agent claude-codeInstalls into .claude/skills of the current project.
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →
Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →Files
SKILL.md
Select a file.
Featured
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →An agent that runs the SEO playbooks that move rankings and ships PRs you control.
Get founding access →Connect Claude to +800M contacts, +150M companies. Find & Enrich leads in chat.
Try For Free →
