Skip to content

Intermediate red team icon   azure

Leverage Device Code Phishing for Initial Access

Learn how device code phishing is a dangerous technique, seeming legitimate to end users and evading detection!

Overview

Device code phishing is a dangerous technique, both in seeming legitimate to end users and in evading detection. In this lab you'll get hands on with real phishing, enumerate Azure resources, exploit an active Windows user and establish command and control (C2). This lab is good for both red and blue. Strap in!

 
Scenario

Our client International Asset Management has asked us to perform a red team engagement. They want us to start externally as a threat actor would, try and breach their environment and access resources belonging to director or C-level executives. Phishing is in scope, and International Asset Management's IT partners have also agreed to be included in the test.

Lab prerequisites
  • Familiarity with the command line
  • Basic understanding of Azure
  • Basic cybersecurity knowledge
  • Basic understanding of Windows
Learning outcomes
  • Device code phishing
  • Azure enumeration using the Azure CLI and Powershell
  • Windows enumeration
  • Windows lateral movement via binary hijacking
  • Payload creation
  • Controlling target systems using a C2

Pwned Labs:
Your cloud security training ground

Experience, real-world, byte sized cloud security labs for training cyber warriors. From beginners to pros, our engaging platform allows you to secure your defenses, ignite your career and stay ahead of threats.

Join us at any stage of your journey

 

Get started!