Microsoft Tech Community
SOLVED

Attack Simulation Examples

Copper Contributor

Hi, 

I was wondering if the attack simulation examples would be updated to include up to date examples and methods of attack like Quishing. Considering this is increasing in popularity, it would be extremely beneficial to educate employees on this.

6 Replies

@AlexFogden I will raise this for the security product team for sure. Quishing is a new phishing technique used by attackers, and I think the focus now is to provide the security admins with the right tool to protect the end users against it.

best response confirmed by AlexFogden (Copper Contributor)
Solution

@AlexFogden I received an update regarding your request from the team:

Working on a plan to update AST for QR code phishing simulations and how-to guides. No timeline for it just yet.

We can decode QR codes using a python library. I would like this feature in a secure browser.

#bash
pip install opencv-python
pip install pyzbar

#python
import cv2
from pyzbar.pyzbar import decode

# Specify the path to the image file containing the QR code
image_path = "qr_code_image.png"

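# Read the image file (cv2.imread returns None if the file cannot be read)
image = cv2.imread(image_path)
if image is None:
    raise SystemExit(f"Could not read image: {image_path}")

# Perform QR code decoding
decoded_objects = decode(image)

# Display the decoded data
for obj in decoded_objects:
    if obj.type == 'QRCODE':
        url = obj.data.decode('utf-8')
        print(f"URL: {url}")
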
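
Once a QR code has been decoded as in the post above, the payload can be checked before anyone opens it. The following is an added example, not part of the original thread: it uses only the standard library on bytes shaped like pyzbar's obj.data, and the allowlisted hosts and sample payloads are constructed assumptions.

```python
# Added example: triage payloads decoded from QR codes before they are opened.
import ipaddress
from urllib.parse import urlsplit

# Assumption: hosts the organisation expects to appear in its own QR codes.
TRUSTED_HOSTS = {"intranet.example.com", "login.example.com"}


def triage_qr_payload(payload: bytes) -> list[str]:
    """Return findings for one decoded QR payload; an empty list means none."""
    findings = []
    try:
        # UnicodeDecodeError is a ValueError, as is urlsplit's parse failure.
        parts = urlsplit(payload.decode("utf-8").strip())
    except ValueError:
        return ["payload is not a parseable URL"]
    if parts.scheme not in ("http", "https"):
        return [f"not a web URL (scheme={parts.scheme or 'none'})"]
    if parts.scheme == "http":
        findings.append("plain HTTP")
    if parts.username is not None:
        findings.append("userinfo before '@' hides the real host")
    host = (parts.hostname or "").lower()
    if not host:
        return findings + ["no host"]
    try:
        ipaddress.ip_address(host)
        findings.append("IP literal instead of a domain name")
    except ValueError:
        pass  # a normal domain name, not an IP address
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode label (possible lookalike domain)")
    if host not in TRUSTED_HOSTS:
        findings.append(f"host not on allowlist: {host}")
    return findings


# Constructed sample payloads (not taken from any real message).
SAMPLES = [
    b"https://login.example.com/mfa",
    b"http://192.0.2.10/reset",
    b"https://login.example.com@xn--exmple-cua.test/",
    b"WIFI:S:guest;T:WPA;P:pass;;",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", triage_qr_payload(sample) or ["no findings"])
```
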
As far as I am aware the AS payload editor can only place a link in the payload text. If you try to be clever and put the selected URL in a clickable image link, it won't work. If I am wrong about that, someone please post the HTML!

The best you could do in the short term would be to cook up a QR code for your internal landing zone and then add "... or click here to ..." to put the link directly after your QR code.

@AlexFogden A how to guide is made available in the product "Teaching Guide: How to recognize and report QR phishing messages". You can find it under global payloads in the content library. We are working on adding a training module on QR code phishing attacks, global payloads on QR codes, and supporting simulations with QR code. 

@eliekarkafy I know at least one competitor who just implemented quishing within his simulations.

 

More details on schedule/expected deployment from MS would be helpful. We have to do our plans too. 
