Forum Discussion
Attack Simulation Examples
Hi,
I was wondering if the attack simulation examples would be updated to include up to date examples and methods of attack like Quishing. Considering this is increasing in popularity, it would be extremely beneficial to educate employees on this.
AlexFogden I received an update regarding your request from the team
working on a plan to update AST for QR code phishing simulations and How to guides. no timeline for it just yet.
richa_bindalMicrosoft
AlexFogden A how to guide is made available in the product "Teaching Guide: How to recognize and report QR phishing messages". You can find it under global payloads in the content library. We are working on adding a training module on QR code phishing attacks, global payloads on QR codes, and supporting simulations with QR code.
AlexFogden I received an update regarding your request from the team
working on a plan to update AST for QR code phishing simulations and How to guides. no timeline for it just yet.
eliekarkafy I know at least one competitor who just implemented quishing within his simulations.
More details on schedule/expected deployment from MS would be helpful. We have to do our plans too.
AlexFogden I will raise this for the security product team for sure. Quishing is a new phishing technique used by attacker and i think now the focus is to provide the security admins with the right tool to protect the end users against it.
- We can decode QR codes using a python library. I would like this feature in a secure browser.
#bash
pip install opencv-python
pip install pyzbar
#python
import cv2
from pyzbar.pyzbar import decode
# Specify the path to the image file containing the QR code
image_path = "qr_code_image.png"
# Read the image file
image = cv2.imread(image_path)
# Perform QR code decoding
decoded_objects = decode(image)
# Display the decoded data
for obj in decoded_objects:
if obj.type == 'QRCODE':
url = obj.data.decode('utf-8')
print(f"URL: {url}") - As far as I am aware the AS payload editor can only place a link in the payload text. If you try to be clever and put the selected URL in a clickable image link, it won't work. If I am wrong about that, someone please post the HTML!
The best you could do in the short term would be to cook up a QR code for your internal landing zone and then add "... or click here to ..." to put the link directly after your QR code.
