You are a penetration tester working to test the user awareness of the employees of...

Weaponization

The adversary analyzes the data collected in the previous stage to identify the

vulnerabilities and techniques that can exploit and gain unauthorized access to the

target organization. Based on the vulnerabilities identified during analysis, the adversary

selects or creates a tailored deliverable malicious payload (remote-access malware

weapon) using an exploit and a backdoor to send it to the victim. An adversary may

target specific network devices, operating systems, endpoint devices, or even

individuals within the organization to carry out their attack. For example, the adversary

may send a phishing email to an employee of the target organization, which may include a malicious attachment such as a virus or worm that, when downloaded, installs a backdoor on the system that allows remote access to the adversary. The following are the activities of the adversary: o Identifying appropriate malware payload based on the analysis o Creating a new malware payload or selecting, reusing, modifying the available malware payloads based on the identified vulnerability

o Creating a phishing email campaign o Leveraging exploit kits and botnets