Tips and Tricks

Send password protected documents.
Send links instead of attachments, S3 buckets and Azure blobs are a good choice.
Avoid built-in document viewers.
Unleash your inner sociopath, provide compliments and play with their emotions.
Assume worst case scenario.
Start a conversation with the victim before ending your malicious document.
Leverage current events for a good pretext.
clone internal email signatures and spoof phone numbers, following the standard email template for a company can really lure people in.
Make your document phone back home whenever opened to have a better sense of idea of what went wrong if you encounter some failure.

Last updated 3 years ago

Was this helpful?

Send password protected documents.
Send links instead of attachments, S3 buckets and Azure blobs are a good choice.
Avoid built-in document viewers.
Unleash your inner sociopath, provide compliments and play with their emotions.
Assume worst case scenario.
Start a conversation with the victim before ending your malicious document.
Leverage current events for a good pretext.
clone internal email signatures and spoof phone numbers, following the standard email template for a company can really lure people in.
Make your document phone back home whenever opened to have a better sense of idea of what went wrong if you encounter some failure.

Last updated 3 years ago

Was this helpful?