Lab Environment: Rules of Engagement

This is for onsite training. Skip this section if not taking training.

Saintcon Phishing has been tasked to perform a penetration test against SnakShare’s information systems and employees. SnakShare recently implemented new email security protections.

Scope

• snakshare.com and any subdomains
• mail.snakshare.com
• auth.snakshare.com

Rules of Engagement

• Target email addresses will NOT be supplied.

Test Plan

Effektive Ops will conduct the following.

• Perform OSINT against SnakShare.
• Compile a list of potential SnakShare employees and email addresses.
• Peform a phishing engagement against discovered employees.
  • Harvest credentials.
  • Deploy C2 agent on to victim machines.