Introduction

What?

Weaponisation is the second stage of the Cyber Kill Chain model. Use our own crafted tools to exploit a target.

Why?

Most organisations have Windows OS running, which is going to be a likely target. An organisation’s environment policy often blocks downloading and executing .exe files to avoid security violations.

Red teams rely on building custom payloads sent via other channels such as phishing campaigns, social engineering, browser or software exploitation, USB, or web methods.

How?

• Gain unauthorised access

• Windows scripting host

• HTML application

• Visual Basic for application

• Powershell

• Getting out of the box (BeEF)

• Command and control

• Attack infrastructure as code (in “In”)

• Delivery techniques

• Create a botnet

• SEO poisoning

---

The Art of Cyberwarfare, Himanshu Sharma , Harpreet Singh, 2018