A year ago, our team was running a red team engagement for a large defense contractor. During initial reconnaissance, we learned that they had outsourced workstation support to an external services provider. After some brainstorming, we decided to stage an attack in which we would pose as a support technician from the service provider and trick a user at the target organization into downloading and executing code on their own workstation.
This type of attack has been around for more than 20 years, and we wanted to find out if it was still possible.
The idea was to send an email to selected users pretending to be a service technician from the support organization. In the email, we explained ...