started work on writing the tool, its not quite ready yet, but we're

getting close.

default_notes_templates/vishing/general.md

@@ -0,0 +1,60 @@
+# scope
+
+(paste scope from workbook)
+
+---
+
+# ppc
+
+have you been vished before?
+- [ ] yes
+- [ ] no
+
+
+if yes:
+	what was the purpose of that attack? 
+	- [ ] gain a foothold
+	- [ ] get protected data
+	- [ ] steal money
+
+Our vishing tests generally have four main objectives
+
+1. verbial confirmation of information
+2. run commands on the system they're on
+3. go to a specific website
+4. join a screen shareing session with us and grant remote control
+
+This simulates an attacker gaining a foothold on the network via vishing.
+
+Are these objectives what you want to test for?
+
+- [ ] yes
+- [ ] no
+
+custom objectives:
+
+- (continue as needed)
+
+Our default pretext is 3rd party IT
+
+We'll call in claiming to be employees at an IT firm that were brought in to handle some of the basic maintence tasks such as computer inventory and updates.
+
+We'll claim the inventory system had a glitch and that we're calling a few people to verify the information in our spreadsheet is correct.
+
+We'll have the target verify some basic information about their computer and verify any information we can gather via OSINT
+
+We'll then fabricate a reason to believe that our spreadsheet is incorrect and that it would require farther troubleshooting.
+
+We'll ask them to run a few commands and read us the output to confirm this
+
+We'll then offer a zoom call so they can share screen and speed up the troubleshooting process.
+
+Does this pretext sound ok to you?
+
+- [ ] yes
+- [ ] no
+
+Custom pretext:
+
+
+