C2, How-To, Matthew Eidelberg, Red Team DLL sideloading, initial access

Signed, Trusted, and Abused: Proxy Execution via WebView2

An offensive security perspective on Microsoft Edge WebView2 Runtime, including architectural weaknesses, existing vulnerabilities, and exploitation methods.

Read the entire post here

Informational, John Malone, Red Team, Social Engineering initial access, phishing, Vishing

How to Design and Execute Effective Social Engineering Attacks by Phone

Social engineering is the manipulation of individuals into divulging confidential information, granting unauthorized access, or performing actions that benefit the attacker, all without the victim realizing they are being tricked.

Read the entire post here

Author, C2, General InfoSec Tips & Tricks, Mike Felch, Red Team initial access, RDP, remote desktop

Rogue RDP – Revisiting Initial Access Methods

Mike Felch // The Hunt for Initial Access With the default disablement of VBA macros originating from the internet, Microsoft may be pitching a curveball to threat actors and red […]

Read the entire post here