Client-side attack vectors are often an effective way of getting an initial foothold in a non-routable internal network. They are especially insidious as they exploit weaknesses or leverage functionality of existing client software.

In this Module, we learned how to get information about our targets to prepare client-side attacks. We then leveraged Microsoft Office macros, Windows library files, and shortcut files to obtain code execution and receive reverse shells.