What are typical enterprise use-cases that lead to client-side infiltration?
- Email - contains malicious attachments/links
- Websites - contain malicious apps/links/ads
- Microsoft Office - applications like Word/Excel could contain macro malware that gets executed when opened
- Messaging platforms e.g. Skype, Telegram etc - contain malicious attachments/links
What is a normal boot up?
- Clean Windows VM vis-à-vis Backdoor installed (later under Monitor Attacks)
- look at your ODB console (learn the docker command to tail the log)
Frame use-cases using my Code-Execution Model.
As per our discussion, there should be an offensive equivalent to each of these benign flows
- Email → download Attachment → View Attachment
- Browser → download → View
- IM platforms → download → View
Learning outcome? Able to appreciate the lineage sequences & what kind of CommandLines are involved, what other activities are triggered & can be recorded by Sysmon, the underlying "flight-recorder" of OpenEDR.
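Added example (not part of these notes or of OpenEDR itself): a small Python script that rebuilds process lineage from Sysmon Event ID 1 (process creation) records and flags the offensive counterpart of the three benign flows above, i.e. an entry point (mail client, browser, IM) spawning an Office/PDF viewer that in turn spawns a shell or script interpreter. The benign flow stops at the viewer and is therefore not flagged. The event records, GUIDs, paths, user name and file names are constructed sample data, and the three process-name sets are an assumption about which binaries play each role in your environment; adjust them to what your Sysmon logs actually show.

```python
"""Rebuild process lineage from Sysmon Event ID 1 records and flag the
offensive counterpart of the benign entry -> download -> view flows."""

# Assumed role sets for the flows in the notes; matched case-insensitively.
ENTRY_POINTS = {"outlook.exe", "chrome.exe", "msedge.exe", "telegram.exe", "skype.exe"}
VIEWERS = {"winword.exe", "excel.exe", "powerpnt.exe", "acrord32.exe"}
INTERPRETERS = {"cmd.exe", "powershell.exe", "wscript.exe", "mshta.exe", "rundll32.exe"}

# Constructed sample in Sysmon's "Key: value" rendering, one blank-line
# separated block per Event ID 1. GUIDs, user and file names are made up.
SAMPLE_EVENTS = r"""
ProcessGuid: {guid-01}
Image: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE
CommandLine: "C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"
ParentProcessGuid: {guid-00}

ProcessGuid: {guid-02}
Image: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
CommandLine: "WINWORD.EXE" /n "C:\Users\alice\Downloads\agenda.docx"
ParentProcessGuid: {guid-01}

ProcessGuid: {guid-10}
Image: C:\Program Files\Google\Chrome\Application\chrome.exe
CommandLine: "chrome.exe"
ParentProcessGuid: {guid-00}

ProcessGuid: {guid-11}
Image: C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE
CommandLine: "EXCEL.EXE" /e "C:\Users\alice\Downloads\invoice.xlsm"
ParentProcessGuid: {guid-10}

ProcessGuid: {guid-12}
Image: C:\Windows\System32\cmd.exe
CommandLine: cmd.exe /c powershell.exe -w hidden -File C:\Users\alice\AppData\Local\Temp\upd.ps1
ParentProcessGuid: {guid-11}

ProcessGuid: {guid-20}
Image: C:\Users\alice\AppData\Roaming\Telegram Desktop\Telegram.exe
CommandLine: "Telegram.exe"
ParentProcessGuid: {guid-00}

ProcessGuid: {guid-21}
Image: C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
CommandLine: "WINWORD.EXE" /n "C:\Users\alice\Downloads\offer.doc"
ParentProcessGuid: {guid-20}

ProcessGuid: {guid-22}
Image: C:\Windows\System32\mshta.exe
CommandLine: mshta.exe C:\Users\alice\AppData\Local\Temp\note.hta
ParentProcessGuid: {guid-21}
"""

def parse_events(text):
    """Index Event ID 1 records by ProcessGuid (fields are 'Key: value' lines)."""
    events = {}
    for block in text.strip().split("\n\n"):
        fields = dict(line.partition(": ")[::2] for line in block.splitlines())
        events[fields["ProcessGuid"]] = fields
    return events

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def lineage(events, guid):
    """Follow ParentProcessGuid links upward; returns the chain root-first."""
    chain, seen = [], set()
    while guid in events and guid not in seen:  # 'seen' guards against GUID reuse loops
        seen.add(guid)
        chain.append(events[guid])
        guid = events[guid].get("ParentProcessGuid", "")
    return chain[::-1]

def role(image):
    name = basename(image)
    return ("entry" if name in ENTRY_POINTS else "viewer" if name in VIEWERS
            else "interpreter" if name in INTERPRETERS else None)

def flag_chains(events):
    """Flag each interpreter whose ancestry reads entry -> viewer -> interpreter.
    The benign flow ends at the viewer, so it never produces a finding."""
    findings = []
    for guid, ev in events.items():
        if role(ev["Image"]) != "interpreter":
            continue
        chain = lineage(events, guid)
        roles = [role(e["Image"]) for e in chain]
        try:  # roles must occur in this order; unrelated ancestors may sit between
            i_entry = roles.index("entry")
            i_viewer = roles.index("viewer", i_entry + 1)
            roles.index("interpreter", i_viewer + 1)
        except ValueError:
            continue
        findings.append({"chain": [basename(e["Image"]) for e in chain],
                         "command_line": ev["CommandLine"]})
    return findings

if __name__ == "__main__":
    print(*flag_chains(parse_events(SAMPLE_EVENTS)), sep="\n")
```

Running the script prints two findings (the browser → Excel → cmd.exe chain and the Telegram → Word → mshta.exe chain) together with the interpreter's command line, which is exactly the lineage-plus-CommandLine view the learning outcome above asks for; the Outlook → Word flow produces nothing. Against real Sysmon data you would feed it the ParentProcessGuid/ProcessGuid pairs from the exported events instead of the embedded sample.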
For each use-case, create a separate page/card & setup timeline please.