started work on writing the tool, its not quite ready yet, but we're

getting close.

default_notes_templates/vishing/calls.md

@@ -0,0 +1,8 @@
+# date
+
+| name | number | notes |
+| ---- | ------ | ----- |
+
+---
+
+(continue as needed)

default_notes_templates/vishing/findings.md

@@ -0,0 +1,7 @@
+# enumeration findings
+
+---
+
+# Call findings
+
+

default_notes_templates/vishing/general.md

@@ -0,0 +1,60 @@
+# scope
+
+(paste scope from workbook)
+
+---
+
+# ppc
+
+have you been vished before?
+- [ ] yes
+- [ ] no
+
+
+if yes:
+	what was the purpose of that attack? 
+	- [ ] gain a foothold
+	- [ ] get protected data
+	- [ ] steal money
+
+Our vishing tests generally have four main objectives
+
+1. verbial confirmation of information
+2. run commands on the system they're on
+3. go to a specific website
+4. join a screen shareing session with us and grant remote control
+
+This simulates an attacker gaining a foothold on the network via vishing.
+
+Are these objectives what you want to test for?
+
+- [ ] yes
+- [ ] no
+
+custom objectives:
+
+- (continue as needed)
+
+Our default pretext is 3rd party IT
+
+We'll call in claiming to be employees at an IT firm that were brought in to handle some of the basic maintence tasks such as computer inventory and updates.
+
+We'll claim the inventory system had a glitch and that we're calling a few people to verify the information in our spreadsheet is correct.
+
+We'll have the target verify some basic information about their computer and verify any information we can gather via OSINT
+
+We'll then fabricate a reason to believe that our spreadsheet is incorrect and that it would require farther troubleshooting.
+
+We'll ask them to run a few commands and read us the output to confirm this
+
+We'll then offer a zoom call so they can share screen and speed up the troubleshooting process.
+
+Does this pretext sound ok to you?
+
+- [ ] yes
+- [ ] no
+
+Custom pretext:
+
+
+ 

default_notes_templates/vishing/pretext.md

@@ -0,0 +1,38 @@
+# default
+
+Hello I'm (name fill this out) from (it firm fill this out). We were brought in to help your normal IT guys with some of the menial tasks so they can focus on more import improvement projects. As part of this we're making sure our inventory management system is checking in correctly and up to date, this should only take a minute or two. Is now bad time to talk?
+
+Great I just need to confirm that my inventory report here is accurate.
+
+Are you currently running Windows 11?
+
+can you confirm your user name is (metadata username)?
+
+great and your email is (email enumeration finding)?
+
+Your primary browser is firfox?
+
+Oh thats strange it seems our report is wrong then... I don't think our program on your computer is checking in correctly... uhhh I want to make sure you're getting all the windows updates we need to be compliant.
+
+Hold the windows key on your keyboard and press the r button. in the box that opens up type cmd.exe and press enter.
+
+This will open a scary black box, but don't worry I'll walk you through what we need here, it'll be pretty easy.
+
+In that box type systemifo all one word and press enter.
+
+Scroll up through that output and find the section that talks about hotfixes, how many are installed?
+
+That doesn't seem like the right number to me, can you read me the last 3 that are listed there?
+
+yeah you're definitely not getting all of the windows updates. This is going to take a bit of troubleshooting to figure out. Would you mind hopping in a Zoom call with me and sharing your screen so I can check a few things? This should only take a couple of minutes.
+
+(open up the services manager and scroll through it, check some program files folders, and run a few commands in cmd to act like I'm troubleshooting.)
+
+Hmmm everything looks ok on this end. I'm going to do some troubleshooting on the server side and see if we can get to the bottom of this. I don't think we'll need anything else from you to fix this, but if that changes I'll let you know.  Thank you for your time. 
+
+
+---
+
+# custom 
+
+(fill out if needed)