On every red team engagement, one of the first steps is to gain access to the target environment. Generally, red teams will leverage social engineering techniques to get their customer to run a payload sent through email or other digital means. Unfortunately for us, on this particular engagement the client was doing a great job of screening and deconflicting suspicious emails, which made email a no-go for access for our team. Because of this, we took a different approach.
The Problem
We could not coerce our client into clicking on our phishing emails, and we needed access to continue the engagement. Additionally, the public-facing assets of our client were extremely limited, making the job of initial access even more difficult.