MacOS Initial Access

This paper explores the difficulties and possible solutions for landing an initial access payload against MacOS, likely from phishing. There are a number of additional difficulties to consider, compared to crafting an initial access payload, or dropper, for Windows. We'll take a look at each of the technical issues, and then craft a reasonable pretext and payload, targeting the latest MacOS running on M1 silicon.

Read more  ↩︎

Creating (fake) websites with Zola

A paper, almost in the form of a "Standard Operating Procedure" or walkthrough, on how you can use Zola to rapidly create and deploy websites for fake businesses/content, for the purposes of red team phishing campaigns. We'll walk through, step by step, getting setup with zola to generate our first fake company website. Once you've run through this process a couple times, you'll be ready to generate an entire website for a fake business and deploy it rapidly.

Read more  ↩︎