A Modern Day Take On The Trojan Horse

A Modern Day Take On The Trojan Horse

I'm going to use this post to elaborate on one particularly fun composite attack scenario that I helped put together a while back. This story involves a client working with some sensitive government agencies, a few different technical attack scenarios, and as the title suggests...a modern day version of the original trojan horse (quite literally). The client who hired our red team was concerned with two distinct threat actors…

Role-Based Social Engineering And Why It Matters

Role-Based Social Engineering And Why It Matters

Social engineering is an effective tool in any penetration testers utility belt, it almost always provides a way into an organization...that first essential foothold. For those providing social engineering testing services though, providing and proving value can be a little tricky. Social engineering as a testing tactic can usually be broken down in two ways: Opportunistic (point-in-time) social engineering Role-based social engineering Opportunistic attacks are what's most frequently discussed…