SKILL: Modern Initial Access

Metadata

• Skill Name: initial-access
• Folder: offensive-initial-access
• Source: https://github.com/SnailSploit/offensive-checklist/blob/main/initial-access.md

Description

Initial access techniques checklist: phishing (spear/smishing), credential stuffing, exposed service exploitation, supply chain attacks, watering hole, VPN/RDP brute force, public-facing application exploitation. Maps to MITRE ATT&CK TA0001. Use when planning initial access phases of red team engagements.

Trigger Phrases

Use this skill when the conversation involves any of: initial access, phishing, spear phishing, credential stuffing, exposed service, supply chain, watering hole, VPN brute force, RDP attack, MITRE TA0001, initial foothold

Instructions for Claude

When this skill is active:

1. Load and apply the full methodology below as your operational checklist
2. Follow steps in order unless the user specifies otherwise
3. For each technique, consider applicability to the current target/context
4. Track which checklist items have been completed
5. Suggest next steps based on findings

Full Methodology

Modern Initial Access

Introduction

Typical Initial Access Vectors

• Email with malware attached/linked
  • Most attacks using attached malware won't work
  • Out of the box protection may not cover PDF, ISO, IMG, HTML, SVG, PPTM, PPSM, ACCDE
  • Most URL-based attacks do work
  • domain's reputation, age, category should be sound
  • domain should use https
  • limit number of GET elements and their names
  • use HTML Smuggling to evade
  • get your domain warmed up (send some legitimate emails first with no attachment and links)
  • Advanced attacks may involve delivering backdoored trusted applications (e.g., older Electron apps with V8 exploits) via phishing to bypass application control like WDAC.
• Spear-phishing/ phishing / stealing valid credentials
  • Check your mail with Phishious before sending it to your victim
  • use decode-spam-headers to analyze returned SMTP headers
  • Be aware that default Microsoft Office settings now block macros in files downloaded from the internet (marked with MOTW). Success often requires significant social engineering to convince users to bypass these protections or using alternative delivery methods (e.g., containers that don't propagate MOTW, signed add-ins).
  • images and link increase spam score, be wary of it
  • don't use no-reply like usernames
  • send through GoPhis -> AWS SOCAT :587 -> smtp.gmail.com -> @target.com
  • link to websites on trusted domains, like cloud-facing resources
  • make sure your webserver blocks automated bots
• Deep‑fake voice or video social‑engineering calls (help‑desk or executive impersonation) to obtain password resets or approve MFA prompts. Generative‑AI tools make cloning voices trivial.
• Business Email Compromise (BEC) / OAuth consent phishing that targets finance or vendor‑portal users, yielding cloud‑token access even where MFA is enabled.
• Malicious OneNote .one attachments and OneDrive "Add to Shortcut" abuse: embedded HTA/JS payloads bypass Office macro blocking and spread via cloud sync.
• Excel blocks untrusted Internet-origin XLL add-ins by default (M365, 2023+). Smuggled XLLs inside containers may still be blocked once MOTW propagates.
• Malicious browser extensions (Chrome, Edge, Firefox) delivered through fake Web Store listings; hijack session cookies or inject scripts into authenticated SaaS sessions.
• attackers register malicious cloud apps and trick users into granting scopes, giving token-based access that bypasses MFA
• Reusing stolen credentials against external single factor VPN, gateways, etc
• Password Spraying against Office365, custom login pages, VPN gateways
• Exposed RDP with weak credentials and lacking controls
• Unpatched known vulnerable perimeter device, application bugs, default credentials, etc
• Rarely HID-emulating USB sticks
• WiFi Evil Twin -> Route WPA2 Enterprise -> NetNTLMv2 hash cracking -> authenticated network access -> Responder
• Plugging into on-premises LAN -> Responder/mitm6/Ldaprelayx
• SEO poisoning / paid‑search malvertising (e.g., fake PuTTY & WinSCP ads, dominant loader delivery 2024–25) and "quishing" PDFs whose QR codes redirect victims to mobile OAuth login pages
• Consent‑/token‑phishing and Adversary‑in‑the‑Middle (AiTM) proxy kits that steal OAuth session cookies or proxy MFA (e.g., EvilProxy, Tycoon, Dadsec). These vectors bypass MFA by tricking users into granting access to rogue Azure AD / Google Workspace apps.
• Supply‑chain compromise of developer ecosystems:
  • malicious NPM / PyPI typosquat packages
  • poisoned GitHub Actions or CI/CD secrets exfiltration
  • container‑registry deception (imageless Docker Hub repos or curl | bash installers).
  • First contact often occurs on developer workstations.
• Mass‑exploited perimeter and edge‑device zero‑days (e.g., Ivanti Connect Secure (such as CVE-2023-46805, CVE-2024-21887), MOVEit Transfer (such as CVE-2023-34362), Citrix Bleed) enabling unauthenticated remote code execution before credentials come into play. Maintain a live "current CVEs exploited‑in‑the‑wild" table and apply virtual patching/WAF rules where upgrades lag.
• Cloud & Kubernetes misconfigurations:
  • exposed S3 buckets allowing upload‑then‑execute objects
  • SSRF into EC2 IMDSv1 or GCP metadata to steal instance credentials
  • open Kubernetes API/Argo CD dashboards, and leaked Azure SAS tokens that grant cross‑tenant data extraction.
  • OIDC Workload Identity Federation exposed: stolen GKE/EKS service‑account tokens grant cross‑cluster privilege escalation.
  • AWS STS credentials embedded in shareable URLs (GetFederationToken, presigned S3, etc.) leak temporary keys to attackers.
• Mobile initial‑access vectors:
  • smishing or WhatsApp/Telegram lures
  • QR‑code invoice/resumé phishing that lands on mobile browsers
  • rogue Mobile Device Management (MDM) enrolment profiles granting full device admin.
  • Passkey/WebAuthn phishing pages that spoof the biometric prompt to hijack FIDO sessions.
  • Sideload invitations via fake Apple TestFlight or Test Fairy links deliver malicious iOS/Android apps outside official store review.
• Collaboration‑app abuse:
  • malicious Microsoft Teams/Slack/Discord apps with overbroad OAuth scopes
  • slash‑command token vacuum
  • SharePoint Framework (SPFx) app sideloading
  • Discord/Telegram CDN links hosting first‑stage binaries.
• If WinRM over HTTPS (WinRMS, port 5986) is enabled (it's not by default) and its Channel Binding setting remains at the default "Relaxed", it becomes vulnerable to NTLM relay attacks. Relayed credentials (e.g., from coerced HTTP/SMB/LDAP) can grant RCE. Ironically, enabling WinRMS to "harden" a system by disabling HTTP WinRM (port 5985, which is relay-resistant due to internal encryption) can introduce this vulnerability. Key technical details:
  • Standard WinRM (port 5985) uses HTTP with SPNEGO; channel binding is enabled by default, so NTLM relay fails unless the attacker controls TLS.
  • WinRMS (port 5986) runs over HTTPS; if CbtHardeningLevel is not set to Strict, credentials can still be relayed despite TLS.
  • Channel Binding (CBT) can be set to None (disabled), Relaxed (optional), or Strict (required)
  • Mitigation: winrm set winrm/config/service/auth '@{CbtHardeningLevel="Strict"}'
  • Prefer Kerberos or certificate-based auth for WinRM; monitor and reduce NTLM usage.
• Exploiting misconfigured Power Platform services (e.g., Power Apps with overly permissive shared connections or abusing Power Query for native SQL execution against on-prem data gateways).

Command & Control

• Use a two-stage Mythic C2 as our command and control
• Stage one should be lean and hard to detect, it woul