-InsideMan is an internal Windows phishing executable that utilizes Powershell Get-Credential calls in an attempt to coerce the user into typing thier plaintext password into the prompt. The plaintext password is then written to a file named windows32.txt located in the user's Documents directory.
+Inspired by the "A Theif" method from the Sektor7 Windows Privilege Escallation Course, InsideMan is an internal Windows phishing executable that utilizes Powershell Get-Credential calls in an attempt to coerce the user into typing thier plaintext password into the prompt. The plaintext password is then written to a file named windows32.txt located in the user's Documents directory.
This is not a sophisticated attack. Might set off an alarm or two with advanced EDR looking for abnormal powershell calls.
This is not a sophisticated attack. Might set off an alarm or two with advanced EDR looking for abnormal powershell calls.
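Review bot: The added line has three misspellings, two of them inside the attribution this change introduces: "Theif" should be "Thief" and "Escallation" should be "Escalation", and "thier" is carried over unchanged from the removed line (should be "their"). Since the edit exists to credit the source, the method and course names need to be spelled correctly so a reader can look them up. "Powershell" would also read better as "PowerShell", both here and in the unchanged line that follows. That following sentence, "Might set off an alarm or two ...", is a fragment with no subject and could be fixed in the same commit.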