The Red Team Vade Mecum
Search…
The Red Team Vade Mecum
The Red Team Vade Mecum
Techniques
Defense Evasion
Privilege Escalation
Enumeration
Execution
Initial Access
Tips and Tricks
Tools
Staging/Stagers
MS Office
Payload Delivery
File Formats
Lateral Movement
Code Injection
Persistence
Infrastructure
SQL
Other
Windows Internals
Powered By
GitBook
Tips and Tricks
Send password protected documents.
Send links instead of attachments, S3 buckets and Azure blobs are a good choice.
Avoid built-in document viewers.
Unleash your inner sociopath, provide compliments and play with their emotions.
Assume worst case scenario.
Start a conversation with the victim before ending your malicious document.
Leverage current events for a good pretext.
clone internal email signatures and spoof phone numbers, following the standard email template for a company can really lure people in.
Make your document phone back home whenever opened to have a better sense of idea of what went wrong if you encounter some failure.
​
Techniques - Previous
Initial Access
Next
Tools
Last modified
1yr ago
Copy link