"destination url check out an example phishing workflow : final thoughts credsniper has been an enormous success for our engagements at black hills and we have received lots of great feedback from users. i wanted to take a second and also shine some light on another great tool cal…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1059.006Python
85%
"##s will also be installed if they are not already present : - let ’ s encrypt apt repository - python3 - virtualenv - gnupg - certbot - python3 modules : flask, mechanicalsoup, pyopenssl using python3, a virtual environment will be created and the necessary python3 modules will …"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1566.002Spearphishing Link
78%
"with the genuine portal behind the scenes and during the interaction with the target. by authenticating with the genuine site, the 2fa sms token would be sent to the target and credsniper could prompt the user to enter it. templates are the html copy of the genuine portal but wit…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1566.002Spearphishing Link
70%
": / / github. com / ustayready / credsniper $ cd credsniper ~ / credsniper $. / install. sh the install script will request information from you in order to configure the required parameters and kick - off the initial running of credsniper. these parameters can be passed in as fl…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1598.003Spearphishing Link
67%
"##ose enable verbose output - - final final final url the user is redirected to after phishing is done - - hostname hostname hostname for ssl if you choose to monitor phished credentials without using the built - in api, there are two files you should be familiar with : temporary…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1566.002Spearphishing Link
67%
"##edsniper was originally birthed out of a need while on a red team engagement and since then has morphed into a sound method of successfully obtaining credentials and 2fa tokens from even highly - technical senior staff. introducing credsniper phishing credentials has been going…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1556.006Multi-Factor Authentication
66%
"stealing 2fa tokens on red teams with credsniper stealing 2fa tokens on red teams with credsniper mike felch / / more and more organizations are rolling out mandatory 2fa enrollment for authentication to external services like gsuite and owa. while this is great news because it c…"
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
Mike Felch // More and more organizations are rolling out mandatory 2FA enrollment for authentication to external services like GSuite and OWA. While this is great news because it creates […]
