The ways and techniques on how to obtain a initial access have changed over time as security measures and tools have improved and made some ways more difficult or even impossible. While most are familiar with traditional phishing emails and have visited countless security awareness lessons to identify such, do they know what click-fix is or why to not download any arbitrary browser extensions? Also some of these techniques target MacOS users, which is especially interesting as many companies do not protect their Mac Devices properly and still believe "We use MacOS, we are safe"
This talk aims to highlight past initial access techniques and why they are not used anymore. Based on this knowledge I'll show new and creative ways Threat Actors use today to establish initial access which is then abused directly by Ransomware Groups or sold in the Darkweb.