All in Fieldcraft
So, you managed to social engineer your way into the network. You have backdoors installed and full control of a system with admin level access.
Now what?
A big part of the red team exercises is to show the vulnerabilities in an organization, be it digital, physical or human. Adversarial exercises provide another view of security and help the decision makers have a better understanding of where they are having problems.
Thinking like an attacker is key here.
Social engineering is the art of hacking people. People are essentially good and are willing to help; social engineering exploits that.
It’s a great skill to have in the world of red teaming and information security, and while it’s not a new thing we’ve been hearing a lot about it lately: in the RSA, Lockheed Martin and other attacks recently the technique used was something the infosec world likes to call spearhead or phishing attacks. Essentially a form of social engineering via email or phone in which you convince an unsuspected target to open a document (that has been weaponized with a piece of malware) or by redirecting them to a malicious website where another piece of code is waiting for them.