These days, it’s hard to perform a penetration test without attempting some sort of online social engineering, and most often, this takes the format of some type of phishing attack (whether targeted or across a wide user base).
While we spend epic amounts of time getting our exploits and payloads perfect (even if we’re using SET), far too often we see testers using stock emails or variants of canned emails that they’ve been taught to use without thinking about the real keys to getting their emails read and acted upon.
These are my five most-often overlooked secrets to making sure that your email phishing works…
Let him know what you think, and, if it helped, tell us how.
I have been working on a review based on the 90 days of access they granted me late last year. I had sent some questions over to THA which they responded to but then I completely dropped the ball in the midst of everything else going on. I’d be happy to finish putting that together. I’ll try to get it done this next week and post it here.
Viewing 2 reply threads
You must be logged in to reply to this topic.
– EH-Net Live!“CISO Underrepresented“ w/ Mark Arnold and Steph Ihezukwu on Tues June 30 @ 1:00 PM US ET. Reg Open Now!