Files

36 lines
1.1 KiB
Markdown

# Workflows — Social Engineering Penetration Testing
## Campaign Lifecycle
```
Authorization & Scoping
├── OSINT & Target Profiling
│ ├── Email harvesting
│ ├── LinkedIn/social media reconnaissance
│ └── Target group selection
├── Infrastructure Setup
│ ├── Domain registration (lookalike)
│ ├── GoPhish/Evilginx deployment
│ ├── SMTP configuration (SPF/DKIM)
│ └── Landing page creation
├── Campaign Execution
│ ├── Phishing emails (batched sends)
│ ├── Vishing calls
│ ├── Physical pretexting
│ └── USB drops
├── Monitoring & Data Collection
│ ├── Email opens/clicks tracking
│ ├── Credential captures
│ ├── Call recordings/notes
│ └── Physical access logs
└── Reporting & Training
├── Metrics compilation
├── Risk scoring
├── Executive report
└── Targeted training recommendations
```