The document discusses techniques used by red teams for social engineering attacks. It begins by defining social engineering and its use in security contexts. It then provides examples of social engineering techniques like manipulating links to redirect users and embedding authentication credentials in Word documents. The document also discusses rules for red team operations like having backup plans. It explores potential payload ideas like using USB rubber duckies or power banks to deliver attacks. Finally, it lists references for learning more about social engineering and specific vulnerabilities.
4. #entry.point();
Social Engineering
• Social engineering, in the context of information
security, refers to the psychological manipulation of
people into performing actions or divulging
confidential information.
• The term describes a psychotechnical type of
intrusion that relies heavily on human interaction
and involves deceiving other people into
breaking security procedures.
11. #re.Start();
• Rule 1: Always have an escape plan
• Rule 2: Never get caught.
• Rule 3: Be aware of your surroundings.
• Rule 4: Always have a backup plan.
• Rule 5: Assumption is the mother of all fuckups.
• Rule 6: Trust your gut.
• Rule 7: Simple and light equals freedom, agility and mobility.
• Rule 8: KISS: Keep it simple, stupid.
• Rule 9: The solution is in the problem.
• Rule 10: Don't become predictable.
• Rule 11: Never take the elevator.
• Rule 12: Act, don’t react.
The Rules
https://redteams.net/rules
13. #re.Start();
• Rule 1.1: Always have a plan.
• Rule 1.2: Always have a back-up plan, because
the first one probably won’t work.
• Rule 1.3: Always have an escape plan because
all the rest of the plans will fail.
The Rules
EXTENSION
https://redteams.net/rules
16. #get.Scenario()
Registers a domain
Sends an email to the
target, bypassing
SPF
Spear Phishing
Credential Theft
17. #re.Start();
Word document file with basic
authentication.
Link manipulation attack. (sendRedirect)
Excel spreadsheet. (VBS)
UNC path injected doc + netNTLM hash
Credential
Theft
https://redteams.net/rules