# scope

(paste scope from workbook)

---

# ppc

have you been vished before?
- [ ] yes
- [ ] no

if yes:
what was the purpose of that attack?
- [ ] gain a foothold
- [ ] get protected data
- [ ] steal money

Our vishing tests generally have four main objectives
1. verbal confirmation of information
2. run commands on the system they're on
3. go to a specific website
4. join a screen sharing session with us and grant remote control

This simulates an attacker gaining a foothold on the network via vishing.

Are these objectives what you want to test for?
- [ ] yes
- [ ] no

custom objectives:

- (continue as needed)

Our default pretext is 3rd-party IT.

We'll call in claiming to be employees of an IT firm that was brought in to handle some of the basic maintenance tasks, such as computer inventory and updates.

We'll claim the inventory system had a glitch and that we're calling a few people to verify that the information in our spreadsheet is correct.

We'll have the target verify some basic information about their computer and verify any information we can gather via OSINT.

We'll then fabricate a reason to believe that our spreadsheet is incorrect and that it would require further troubleshooting.

We'll ask them to run a few commands and read us the output to confirm this.

We'll then offer a Zoom call so they can share their screen and speed up the troubleshooting process.

Does this pretext sound ok to you?
- [ ] yes
- [ ] no

Custom pretext: