Ransomware has emerged as one of the most common and damaging malware threats in recent years. In fact, the volume and expense of ransomware attacks have caused some insurers to exclude them from cybersecurity coverage. Read on to learn more about the top 2023 ransomware attacks and how to protect yourself and your company.
Resources
Blog
Social Engineering
Keep up to date with the latest offensive security news, knowledge, and resources.
Protecting your infrastructure from prying eyes is an important part of landing a phish and maintaining access to a client’s network. The process of setting up redirectors and reverse proxies has traditionally been difficult and hard to automate across different cloud platforms.
Today, we’re going to solve that problem with our new repository, sneaky_proxy, which will allow you to automate your...
I’m going to quickly go through the process of setting up GoPhish and show you how we evade defenders to increase the success rate of our phishing campaigns.
We are going to dig into Slack workspace compromise to provide additional information and tooling you can use to leverage access. This guidance will build off of “Abusing Slack for Offensive Operations”, a great article Cody Thomas wrote for the SpectrOps blog.
Good command-and-control infrastructure requires a known, trusted domain. When you’re first starting out, this can be difficult to find, but luckily other testers have provided many great resources.
It’s pretty common for companies to bundle social engineering into their penetration testing programs. But when the report shows up, you may find you’re surprised and frustrated at the rate of employees clicking links to open malicious documents. How were my employees so easily manipulated? And why didn’t anyone on the IT staff catch this? Don’t sweat it. Happens to...
