Phishing

How-To, Incident Response, InfoSec 201, Patterson Cake, Phishing BEC, Business Email Compromise, Exchange Online Management, M365, Microsoft 365, PowerShell EXO, SOF-ELK, UAL, Unified Audit Log

Wrangling the M365 UAL with PowerShell and SOF-ELK (Part 1 of 3)

Patterson Cake // When it comes to M365 audit and investigation, the “Unified Audit Log” (UAL) is your friend. It can be surly, obstinate, and wholly inadequate, but your friend […]

Read the entire post here

Blue Team, Incident Response, Informational, InfoSec 301, Phishing, Red Team, Social Engineering, Steve Borosh Device Code, Microsoft

Dynamic Device Code Phishing

rvrsh3ll // Introduction This blog post is intended to give a light overview of device codes, access tokens, and refresh tokens. Here, I focus on the technical how-to for standing […]

Read the entire post here

How-To, Informational, InfoSec 101, Phishing, Red Team, Social Engineering ansible, automation, credential capture, ethical, hacking, html

Hannah Cartier // Social engineering, especially phishing, is becoming increasingly prevalent in red team engagements as well as real-world attacks. As security awareness improves and systems become more locked down, […]

Read the entire post here

Author, How-To, Informational, Max Boehner, Noah Heckman, Phishing

How to Not Get Scammed on Discord

Max Boehner & Noah Heckman // Introduction As 2020 sent us all into our homes social distancing, the demand for online messaging saw a huge spike in an effort for people to stay […]

Read the entire post here

How-To, Informational, InfoSec 101, Phishing, Red Team

How to Phish for User Passwords with PowerShell

tokyoneon // Spoofing credential prompts is an effective privilege escalation and lateral movement technique. It’s not uncommon to experience seemingly random password prompts for Outlook, VPNs, and various other authentication […]

Read the entire post here

00544_07132021_WebcastHowToBuildPhishingEngagement

Author, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, InfoSec 201, Phishing, Ralph May, Webcasts

Webcast: How to Build a Phishing Engagement – Coding TTP’s

Building a phishing engagement is hard. While the concept is straightforward, real-world execution is tricky. Being successful takes enormous amounts of up-front setup and knowledge in quickly evolving phishing tactics. […]

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS

Read the entire post here

00421_12042019_CollectingUserInfoLinkedIn

Author, Finding, General InfoSec Tips & Tricks, How-To, Informational, InfoSec 101, Justin Angel, Phishing, Recon, Red Team, Red Team Tools Justin Angel, LinkedIn, Parsuite, Peasant, SendGrid

Collecting and Crafting User Information from LinkedIn

Justin Angel // Penetration testing and red team engagements often require operators to collect user information from various sources that can then be translated into inputs to support social engineering […]

Read the entire post here

00387_05112019_PODCAST_Weaponizing_Intel

Author, Beau Bullock, Mike Felch, Password Spray, Phishing, Podcasts, Recon, Red Team, Red Team Tools, Social Engineering Beau Bullock, Demos, FireProx, Mike Felch, PII, recon, Social Media, Social Trust Attack, tools

Podcast: Weaponizing Corporate Intel. This Time, It’s Personal!

Beau Bullock & Mike Felch// Strategically targeting a corporation requires deep knowledge of their technologies and employees. Successfully compromising an organization can depend on the quality of reconnaissance a tester […]

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Spotify | Amazon Music | RSS

Read the entire post here