create_a_phishing_campaign_with_malware_simulations
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
| create_a_phishing_campaign_with_malware_simulations [2019/07/25 12:49] – external edit 127.0.0.1 | create_a_phishing_campaign_with_malware_simulations [2020/05/18 07:54] – lucy | ||
|---|---|---|---|
| Line 22: | Line 22: | ||
| - | **Note:** The files are non-intrusive, | + | **Note:** The files are non-intrusive, |
| Line 169: | Line 169: | ||
| **Note**: The current edition of LUCY will include tools that access files on shares and upload them to the campaign or access the email client via MAPI. These features have restricted configuration options in the community edition (like maximum number of files that can be uploaded, etc.) the same goes for the number of screenshots or length of videos. Only the Commercial Editions have no limitations. You can upload your own custom payload. But keep in mind that reverse channels to LUCY won’t work; only attachments from LUCY are compiled in Real Time with certain settings (IP, Domain Name, URL etc.). | **Note**: The current edition of LUCY will include tools that access files on shares and upload them to the campaign or access the email client via MAPI. These features have restricted configuration options in the community edition (like maximum number of files that can be uploaded, etc.) the same goes for the number of screenshots or length of videos. Only the Commercial Editions have no limitations. You can upload your own custom payload. But keep in mind that reverse channels to LUCY won’t work; only attachments from LUCY are compiled in Real Time with certain settings (IP, Domain Name, URL etc.). | ||
| + | |||
| + | |||
| + | ===== Delivery Challenges ===== | ||
| + | |||
| + | Executable files usually cannot be delivered to a user via e-mail attachment. These are blocked by most email programs. | ||
| + | |||
| + | In order to deliver a malware simulation to the user, the attachment should not be provided via email, but via download on a website. There you have the possibility to download the file: | ||
| + | |||
| + | * Inside an archve (zip, jar, rar etc.) | ||
| + | * Inside an encrypted file (e.g. zip with a password) | ||
| + | * [[pdf_attacks|Inside a PDF]] | ||
| + | * [[create_a_phishing_campaign_with_a_java_dropper_applet|Tunneled through an aplet]] | ||
| + | * Download as a plain exe | ||
| + | |||
| + | Those settings can be applied within the scenario settings of the specific template. Choose archive (1), Tunnel (2) or PDF (3) for the according method: | ||
| + | |||
| + | {{ sc_et_fil.png? | ||
| + | |||
| + | |||
| + | ===== Q&A ===== | ||
| + | |||
| + | * Do the files need to be installed? No, the files are non-intrusive, | ||
| + | * Do the files need to be run with elevated permissions? | ||
| + | * Our filters block file types like .exe- How can I still use the files? Use a different file format within the scenario settings (e.g. place the exe in an archive like a zip file or place it within a PDF as an attachment). | ||
| + | * Can I run the fies on MAC or linux? No: In the current edition, the executable runs only on Windows (Windows 7/ | ||
| + | * Windows defender blocks the files - can this be prevented? It can (using " | ||
create_a_phishing_campaign_with_malware_simulations.txt · Last modified: 2021/12/15 13:20 by lucy