What testing method did you use in the situation: You've been assigned with conducting a penetration test. While researching information, you come across an employee list on Google. You locate the receptionist's email address and send her an email with the source email set to her boss's address (boss@company). You request a pdf with information in this email. She reads your email and responds with a pdf including links. You replace the pdf links with your malicious links (which include malware) and return the updated pdf, claiming that the links no longer function. She receives your email, clicks on the links, and her computer becomes infected. You can now connect to the company network.
Comments