1 Information Gathering
● Gather information about the target (company/website/person).
● Discover associated websites, links, companies.
● Associated people, names, emails, phone numbers, social networks, friends.
● Associated social networking accounts.
● Display all info on a graph and build attack strategies.
2 Generating Evil Files
● Create basic evil files for most common operating systems, this includes (but
not limited to):
○ Backdoors.
○ Keyloggers.
○ Password recovery tools.
○ Download & execute payloads.
○ Download & report payloads.
3 Enhancing Evil Files
● Bypass all anti-virus programs.
● Create trojans for most common operating systems.
● Embed evil code in microsoft office documents.
● Make evil file look and function like a normal file (image, pdf ...etc).
● Create perfect spying tools.
4 Delivery methods
● Smart social engineering techniques to deliver evil files.
● Fake login pages.
● Fake update pages.
● Fake update popups.
● Mail spoofing.
● Fake website/youtube traffic.
● And more!
5 Post Exploitation
● Control computers we hacked in previous sections.
● Access file system (open, edit, remove, upload, download) files
● Spying.
● Privilege escalation.
● Accessing camera.
● Pivoting.
● And more!
6 Security
● Secure yourself from social engineering attacks.
● File integrity.
● Analyze files.
● Analyze network connections and running services.
● Run files in the sandbox.
0 Comments
If you have any doubts, Let me know!