Initial Access Tactics, techniques and procedures
Jump to navigation
Jump to search
Phishing
- https://0xboku.com/2021/07/12/ArtOfDeviceCodePhish.html
- https://medium.com/maltrak/com-objects-p-2-your-stealthy-fileless-attack-bf78318d9165
- https://infosecwriteups.com/recipe-for-a-successful-phishing-campaign-part-1-2-dc23d927ec55
- https://www.xanthus.io/mastering-the-simulated-phishing-attack
- https://github.com/Arno0x/EmbedInHTML
- https://github.com/L4bF0x/PhishingPretexts
- http://lockboxx.blogspot.com/2018/12/gophish-evilginx2-for-phishing.html
- https://book.hacktricks.xyz/phishing-methodology
- https://outflank.nl/blog/2020/03/30/mark-of-the-web-from-a-red-teams-perspective
- https://delta.navisec.io/a-pentesters-guide-part-4-grabbing-hashes-and-forging-external-footholds/
- https://www.rootshellsecurity.net/ntlm_theft-a-tool-for-file-based-forced-ntlm-hash-disclosure/
- https://getgophish.com/ Be sure to remove the identifying headers gophish adds
- https://github.com/curtbraz/PhishAPI
- https://github.com/edoverflow/can-i-take-over-xyz
- https://blog.sublimesecurity.com/red-team-techniques-gaining-access-on-an-external-engagement-through-spear-phishing/
Password spraying
- https://github.com/dafthack/MSOLSpray
- https://pentestlab.blog/2019/09/05/microsoft-exchange-password-spraying/
- https://github.com/blacklanternsecurity/TREVORspray
- https://github.com/x90skysn3k/brutespray