Introduction
The scenario is defined in a laboratory simulation of a company's (EvilCorp) local Windows network, whose employees are attacked by spear phishing.
Before that, the attacker goes through a Reconnaissance phase, applying OSINT techniques to collect all the information about the company that is published on the internet, both on the company's own website and on third-party websites.
Once all this information has been obtained (operating system and software in use, including versions; users; email addresses; shared resources; network addressing; etc.), the attacker is in a position to prepare a highly credible phishing email and send it to all the users obtained during the Reconnaissance phase.
Everything begins when one of them clicks on the link in the email and triggers a chain of attacks across the network that exploit a vulnerability, as in “use case 1” and “use case 2”. Two more general use cases that are not part of the targeted attack are also shown: “use case 3”, browsing to malicious or compromised websites, and “use case 4”, a server making connections to China.
All the attacks are real and have been carried out in a controlled laboratory.
What to do next
- Use Case 1 - Eternalblue Attack
- Use Case 2 - Cryptomining
- Use Case 3 - Malicious or Compromised Websites
- Use Case 4 - China GeoIP Block