War Room

Shells from above

Jeremy

Customizing King Phisher Using Plugins

January 18, 2017 By Jeremy

With the ability to write your own plugins for King Phisher, basically the possibilities for what YOU want King Phisher to do have fallen into your hands. During the newer release for King Phisher, the development team has incorporated the ability to add your own plugins to allow customization on what you'd like the phishing tool to do. For example, we've started a plugin ... READ MORE

Gotta Vish ‘Em All: Managing a Large Vishing Engagement

October 3, 2016 By Jeremy

I was recently tasked with managing a rather large vishing campaign targeting a major financial institution. Normally when we get these kinds of campaigns, we're tasked with making ten to fifty phone calls (whether or not someone answers) and report the results. This campaign differed in that we had to talk to 100 individuals. Now it doesn't sound so bad, right? In reality, our ... READ MORE

Identity Legitimacy: Making Your Own ID Badge

June 30, 2016 By Jeremy

A big part of performing any sort of physical penetration assessment involves a little bit of social engineering. More often than not, we choose to spoof a legitimate employee or vendor to attempt to enter the facility. Now, simply saying that you are Joe Schmo from Corporate isn't likely to get you very far. A successful tester will have to look the part, dress the part, and, ... READ MORE

War Room Talks @ B-Sides Cleveland 2016

June 29, 2016 By Jeremy

Video credit: Adrian Crenshaw, @irongeek_adc Process Ventriloquism with ZeroSteiner A Rookie PoV The Hollywood Fallacy with H3llcat ... READ MORE

Pretexting: Your Targets Want to, They Just Don’t Know it Yet

April 29, 2016 By Jeremy

When conducting a social engineering engagement, be it in person or remote, your pretext can mean life or death for your engagement. First off, let's define what a pretext is. A pretext is your story. Who you are, the company you work for, your purpose, even down to how many kids you have, their names, the car you drive, etc. Depending how far you need to go, having details ... READ MORE

Register Now for the RSM Capture The Flag 2016

March 15, 2016 By Jeremy

We here at the WarRoom love this time of year as it's time for our annual Capture the Flag event. This year, we're working with Akron University and opened the CTF to both undergrad college and high school teams. Here's a little bit of the details: High School Students College Students High school students in grades 9-12. Teams will consist of 1 to 4 ... READ MORE

Becoming a Master Template Creator with Jinja2: Getting Started

March 1, 2016 By Jeremy

My last blog was a primer for getting into scripting web templates using Jinja2. In this next blog (part two of an intended four part series) we'll get started by installing the necessary dependencies, setting up a directory, and starting to build our site. Installation Before we get started, it's important to note I'm running Ubuntu Gnome 15.04, so the majority of commands ... READ MORE

Beer:30 – Physical Security Assessment

January 4, 2016 By Jeremy

Our very own patchwork talks about conducting a Physical Security Assessment for RSM's Beer:30 web series. ... READ MORE

WarRoom Revisited

January 1, 2016 By Jeremy

Last year, one of our visions became a reality with the roll out of our technical blog, the War Room. Our original intent was to create a space where any of us could write about topics we were learning or that others might find beneficial. It was a little bit of a learning experience at first, but we were able to publish our first post in September, 2014. What we didn't ... READ MORE

Becoming a Master Template Creator with Jinja2: Introduction

December 30, 2015 By Jeremy

In my previous line of work, I made a living as a web developer. My time was spent building websites in content management systems, customizing the front end for clients and ensuring the back-end was usable and worked as intended. Today, I mostly tap my front-end developer experiences for building websites for use in social engineering campaigns. As we don't use content ... READ MORE
