README.md

• Getting Inside
  • Attacking a Perimeter
    • Exploit public-facing application (T1190)
      • Exploit common-of-the-shelf application
      • Exploit custom-written web service
    • Access via external remote services (T1133)
      • Using publicly leaked credentials
      • Brute forcing credentials
      • Steal credentials
        • Social engineer an employee of the target to reveal credentials
        • Compromise employee's laptop/mobile to gain credentials
  • Social Engineering (remote)
    • Cloning authentication pages on doppelganger domains
    • Phishing (T1566)
      • Email
        • Malicious attachment (T1566.001)
        • Link to malicious site (T1566.002)
      • 3rd party service (T1566.003)
  • Trust Exploitation
    • Dirve-by Compromise (T1189)
    • Supply Chain Compromise (T1195)
      • Compromise Software Dependencies and Development Tools (T1195.001)
      • Compromise Software Supply Chain (T1195.002)
      • Compromise Hardware Supply Chain (T1195.003)
    • Exploit relationship with a 3rd party (T1199)
    • [AND] Compromise "to be acquired" company
      • Gain knowledge about planned aquisitions
      • Get inside this company
    • [AND] Build trust relationship with the target
      • Work as a contractor for the target
      • Exploit the trust that was built
  • Close Access Operations
    • Wireless network compromise
    • USB drive drops (T1091)
    • Planting drop-in device in target's network (T1200)
      • Breach physical perimeter to get access to network
      • "Task" insider to plant the device

Getting Inside