Initial Access

The Initial Access phase of the attack is used to gain a digital or physical foothold to the target (TA0001). This can be done in multiple ways like by executing code or planting a malicious device/software in the network (TA0002). Actions performed in this phase are one of the most crucial steps. They rely on the previous phase as collected information, such as in-use technology (Antivirus, Endpoint Protection System, Operating System), needs to be evaluated, when building our attack toolkit and preparing exploitation of services.

Typical actions performed in this phase include Phishing (E-Mail, Voice, SMS, Credential) attacks with malicious files which target employees directly. We also exploit external infrastructure components such as web applications or remote access gateways. Sometimes, it is also required to perform physical attacks against the target in the form of Social Engineering attacks. This can also include attacking wireless components such as the corporate network or access control cards.