escalating-windows-privileges

Fail

Audited by Gen Agent Trust Hub on Mar 21, 2026

Risk Level: HIGH
Categories: COMMAND_EXECUTION, DATA_EXFILTRATION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: Provides explicit commands for escalating privileges through service misconfigurations, such as modifying service binary paths (binpath) to execute arbitrary reverse shells.
  • [COMMAND_EXECUTION]: Includes instructions for establishing persistence on a target system by creating scheduled tasks (schtasks) that run as the SYSTEM user and modifying registry autorun keys (HKLM\...\Run).
  • [COMMAND_EXECUTION]: Describes techniques for bypassing User Account Control (UAC) by manipulating registry keys and launching auto-elevating binaries like fodhelper.exe.
  • [DATA_EXFILTRATION]: Contains methodologies for dumping sensitive credential stores, including saving the SAM, SYSTEM, and SECURITY registry hives, and creating memory dumps of the LSASS process for offline analysis.
  • [DATA_EXFILTRATION]: Promotes the use of reverse shells using tools like Netcat (nc.exe) and MSFvenom payloads to facilitate outbound data transfer and remote control.
  • [EXTERNAL_DOWNLOADS]: References and recommends the use of a wide array of third-party offensive security tools and repositories, such as Mimikatz, WinPEAS, Rubeus, and various privilege escalation exploits from non-standard external sources.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 21, 2026, 01:18 AM
Security Audit — agent-trust-hub — escalating-windows-privileges