Initial Access Tactics, techniques and procedures

Phishing

• https://0xboku.com/2021/07/12/ArtOfDeviceCodePhish.html
• https://medium.com/maltrak/com-objects-p-2-your-stealthy-fileless-attack-bf78318d9165
• https://infosecwriteups.com/recipe-for-a-successful-phishing-campaign-part-1-2-dc23d927ec55
• https://www.xanthus.io/mastering-the-simulated-phishing-attack
• https://github.com/Arno0x/EmbedInHTML
• https://github.com/L4bF0x/PhishingPretexts
• http://lockboxx.blogspot.com/2018/12/gophish-evilginx2-for-phishing.html
• https://book.hacktricks.xyz/phishing-methodology
• https://outflank.nl/blog/2020/03/30/mark-of-the-web-from-a-red-teams-perspective
• https://delta.navisec.io/a-pentesters-guide-part-4-grabbing-hashes-and-forging-external-footholds/
• https://www.rootshellsecurity.net/ntlm_theft-a-tool-for-file-based-forced-ntlm-hash-disclosure/
• https://getgophish.com/ Be sure to remove the identifying headers gophish adds
• https://github.com/curtbraz/PhishAPI
• https://github.com/edoverflow/can-i-take-over-xyz
• https://blog.sublimesecurity.com/red-team-techniques-gaining-access-on-an-external-engagement-through-spear-phishing/

Password Attacks

In our engagements we will try many things to gain an initial foothold, however it's best to try all the low hanging fruits before diving deep into a full social engineering and penetration testing engagement.

Groups like Lapsus$ show's the world that you don't need to be a great technical hacker to pwn massive corporations and if common password and multi-factor authentication (MFA) attacks work on the likes of Uber, Rockstar games, Okta and so on then they will work on our hacktivist targets!

If your target uses multi-factor authentication you can try either social engineering or MFA fatigue.

username creation based on recon/osint

• https://github.com/Mebus/cupp [Free]
• https://github.com/digininja/RSMangler [Free]
• https://github.com/sc0tfree/mentalist [Free]
• https://github.com/urbanadventurer/username-anarchy [Free]

Passwords

• https://github.com/danielmiessler/SecLists/tree/master/Passwords [Free]
• https://github.com/brannondorsey/naive-hashcat/releases/download/data/rockyou.txt [Free]

password cracking tools

• https://www.kali.org/tools/ncrack/ [Free]
• https://www.kali.org/tools/wfuzz/ [Free]
• https://www.kali.org/tools/medusa/ [Free]
• https://www.kali.org/tools/patator/ [Free]
• https://www.kali.org/tools/hydra/ [Free]
• https://www.kali.org/tools/brutespray/ [Free]

Searching leaks

• https://github.com/khast3x/h8mail [Free but includes paid for services]

Services

Please note: DO NOT use intelx[.]io as they have been seen doxing hackers in the past and block the use of VPNs, proxies and Tor. AVOID!

• https://haveibeenpwned.com/ [Free]
• https://haveibeenpwned.com/Pastes [Free]
• https://github.com/vysecurity/LinkedInt
• https://leak-lookup.com/ [Paid. Accepts crypto (XMR & BTC)]

Buying Access

You can use the genesis market to purchase credentials stolen from targets through the use of info stealer malware. Search your target here to see if you can make a quick win gaining access to an admin account. Any account that allows internal access is always a great start. Invites can be found on forums and markets.

• https://genesis.market/guest/login/index [Paid]

Password spraying

• https://github.com/dafthack/MSOLSpray [Free]
• https://pentestlab.blog/2019/09/05/microsoft-exchange-password-spraying/ [Free]
• https://github.com/blacklanternsecurity/TREVORspray [Free]

CVE POCs

• https://github.com/nomi-sec/PoC-in-GitHub