Hi HTB team,

I’d like to suggest adding a dedicated module focused on phishing techniques and initial access scenarios. While the Academy already covers many technical exploitation paths, there is limited structured content around the human attack surface, which is critical in real-world engagements.

The module could include:

* Crafting realistic phishing campaigns (email structure, pretexts, OPSEC considerations)

* Payload delivery methods (attachments vs links, common trade-offs)

* High-level overview of email security controls and user awareness challenges

* Safe lab simulations of phishing workflows (end-to-end initial access scenarios)

* Detection and defensive perspective (how blue teams identify phishing attempts)

This would complement existing red teaming and C2 content by providing a more complete view of the attack chain, from initial access to post-exploitation.

I believe this would be highly valuable for both:

* Red teamers learning realistic entry points

* Blue teamers understanding how phishing attacks are executed

Thanks for considering!