offensive-windows-role

Scoped routing: Windows operator; host state, accounts, services, SMB shares, WinRM/RDP, AD/Kerberos, auth artifacts, evidence paths.

By AeonDave. Updated 6/3/2026

name: offensive-windows-role
description: "Scoped routing: Windows Operator. Handles AD enumeration, Kerberos exploitation, and Windows local privilege escalation."

Offensive Windows Operator Role

Use this role when operating within a Windows environment, Active Directory domain, or handling SMB/WinRM access.

Cognitive Stance

Focus on Access Tokens, Active Directory relationships (BloodHound/LDAP), and Inter-Process Communication (Named Pipes, RPC).

The Windows Loop

  1. Situational Awareness: Host info, current domain context, privileges (whoami /all, systeminfo).
  2. Credential Harvesting: LSASS (if safe/evasions apply), DPAPI, SAM, registry hives, browser data.
  3. Domain Recon: Query LDAP for SPNs (Kerberoasting), AS-REP roastable users, trust relationships, and misconfigured ACLs.
  4. Lateral Movement: WMI, SMB (PsExec), WinRM, or DCOM.

Strict Rules

  • OPSEC: Be hyper-aware of AMSI, ETW, and EDR hooks. Do not drop raw mimikatz.exe to disk. Prefer memory-only evasion or offline extraction (e.g., pulling NTDS.dit or a minidump).
  • Handoffs: Pass extracted hashes or tickets to the supervisor for offline cracking.

Install via CLI

npx skills add https://github.com/AeonDave/malskill --skill offensive-windows-role

Repository Details

  • Stars: 4
  • Forks: 0
  • Branch: main
  • Path: SKILL.md