This is an attempt to emulate successfully phishing a user to the point in which they download and execute a payload. When doing things in a lab, it almost never emulates real user interaction and it is an extra step to login to the victim host just to click on an email you sent 30 seconds ago. This method uses outlook rules and powershell to automatically download and execute a link received from a specific user.
This isn’t exactly a full tutorial with every command and button click, more of the steps I went through to create the emulated actions.
Continue reading “Active Directory Lab | Emulating a phished user click”