Gone Phishing with Vector Command

Vector Command Opportunistic Phishing Blog

During one of our customer engagements, our red team will continuously attack your network to see if we can exploit a vulnerability. One of the tactics, techniques and procedures (TTPs) we use is “Opportunistic Phishing”. First, let’s share a quick reminder about what Vector Command is.

Vector Command is Rapid7’s new continuous red teaming managed service, designed to assess your external attack surface and identify gaps in the security defenses on an ongoing basis. Vector Command continues the expansion of our Exposure Management solutions for our customers. While external attack surface management (EASM) tools offer visibility, they often fall short in validation, generating lengthy lists of potential exposures for security teams to sift through. Traditional penetration testing can help validate vulnerabilities, but its point-in-time nature risks leaving critical exposures undetected for extended periods. With Vector Command, our red team will continuously look for exploitable vulnerabilities.

Rapid7’s Vector Command Landing page

Hacking the Human

Social engineering attacks are based on the exploitation of someone’s personality and can be referred to as “hacking the human”.

Security professionals often comment that the employee can be the weakest link in a company’s security posture. Everything from end-of-day tiredness, to our more relaxed nature during a quick lunch break, and even our predisposed trusting tendencies towards those causes we care deeply about, can be exploited by threat actors. This is the “social” aspect in “Social Engineering”. Humans can be manipulated through psychological means into making mistakes and giving away our login credentials or other sensitive information.

Opportunistic Phishing - The Human Touch

Opportunistic Phishing, also known as “untargeted attacks”, may have no warning signs and is often deployed spontaneously, without a specific target. Rapid7’s red team will use this technique to see what information they can get from a customer engagement.

Let’s take the hypothetical example of a former IT contractor who was employed by a company. The off-boarding policy has not yet been completed. The IT contractor had elevated access to one business application containing personally identifiable information (PII). Our red team, once they identify this former contracted employee, could use their access rights to gain entry to sensitive PII and services on the corporate network.

When an opportunistic attempt is executed by a threat actor, it is most commonly conducted via malware or phishing over email.

In this specific technique, an attacker will send out fraudulent messages, taking care to design the emails to look like they come from the actual organization, often using similar logos, fonts, and signatures. Inside the body of the message will be a URL, typically with a misspelled domain name or extra subdomain. If the recipient is not savvy enough to tell the fake web address from the real one and clicks on the link, the malware is downloaded to the device as an executable file and activated. The payload often includes keylogging software, used to collect keystrokes, including your passwords, which gives the threat actor access to your company network.
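The two URL tricks described above (a misspelled domain and an extra subdomain) can be checked mechanically on inbound mail. The following is an added defensive example, not Rapid7's code: the trusted-domain list, function names and sample message are constructed, and the last-two-labels domain split is a simplification of a Public Suffix List lookup.

```python
import re
from urllib.parse import urlsplit

# Assumption: the organization's legitimate domains (constructed for this example).
TRUSTED = ("example.com", "examplepay.com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

def edit_distance(a, b):
    """Levenshtein distance using two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_url(url):
    """Return 'trusted', 'extra-subdomain', 'misspelled' or 'unknown'."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    # Simplification: treat the last two labels as the registrable domain.
    base = ".".join(labels[-2:])
    if base in TRUSTED:
        return "trusted"
    for good in TRUSTED:
        # Extra subdomain: the trusted name appears left of an untrusted base,
        # e.g. example.com.verify-login.net
        if good.split(".")[0] in labels[:-2]:
            return "extra-subdomain"
        # Misspelled domain: one or two edits away from a trusted domain.
        if 0 < edit_distance(base, good) <= 2:
            return "misspelled"
    return "unknown"

def scan_body(body):
    """Map every URL found in a message body to its verdict."""
    urls = (u.rstrip(".,)") for u in URL_RE.findall(body))
    return {u: classify_url(u) for u in urls}

# Constructed sample message body.
SAMPLE = """Dear Customer, act now to keep your account:
https://examp1e.com/reset and https://example.com.verify-login.net/session
Official site: https://www.example.com/help. Partner: https://news.site.org/a"""

if __name__ == "__main__":
    for url, verdict in scan_body(SAMPLE).items():
        print(f"{verdict:16} {url}")
```

A mail gateway or triage script would quarantine or tag messages whose links come back as `misspelled` or `extra-subdomain`, and leave `unknown` links to reputation checks.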

By deploying this tactic, Rapid7’s red team thinks, acts and behaves like a threat actor, but without the malicious consequences for your organization. Using opportunistic phishing, we will find and identify where your security gaps are, with respect to technology (through different configuration types for campaigns) and people, helping you to act and respond. Our advanced Vector Command reporting even gives a detailed outline of the situation, including remediation recommendations for your IT and Security teams.

A sample report for a Phishing campaign completed by our Vector Command red team

What should you be on the lookout for?

Let's explore some typical phishing examples that frequently target organizations.


  • Invoices for companies that you do not have a supplier agreement with.
  • Shipping notifications from large retailers, both online and the high street.
  • Password reset requests for your email, or other online account e.g. Amazon, or PayPal.
  • Tax refund emails either at the time of needing to submit your tax return (when it is time sensitive) or months away from when it needs to be completed (anomalous behavior).
  • Can you spot poor grammar, or spelling errors in the subject, or within the body of the email, that would indicate it is not from a reputable source?
  • Does the email have a sense of urgency - “Act now”?
  • Generic greetings like “Dear Customer” as opposed to a more personalized one.
  • Surveys from third-parties or workplace experience coordinators that are out-of-place.
  • Suspicious login alerts from common applications sourcing from an untrusted sender.
  • Employee benefit emails either at the time of needing to submit your elections (when it is time sensitive) or months away from when it needs to be completed (anomalous behavior).
  • Shared documents and calendar invitations from third-parties you do not commonly interact with.
  • Browser extensions, software updates, and installation requests via email or phone.
  • Verify unexpected phone calls through internal communication applications such as Teams, or Slack.

Take Command of your Attack Surface

Stay tuned as we continue to share insights of other TTPs employed by Rapid7's expert red team to test your cyber resilience.

We have created a self-guided product tour for Vector Command which you can check out at your leisure.


Ready to see how continuous red team managed services can ensure your potential attack pathways are remediated before they can ever be exploited?

Rapid7 Introduces Vector Command, a New Managed Service for Continuous Red Teaming

Rapid7 is delighted to announce the launch of Vector Command, a continuous red teaming managed service designed to assess your external attack surface and identify gaps in the security defenses on an ongoing basis. Following the launch of Surface Command and Exposure Command in August, Vector Command will continue our expansion of Exposure Management protection for our customers.

In today’s digital landscape, organizations are more exposed to cyber threats than ever before. Cloud resources, SaaS solutions, and ever-growing shadow IT create vast external attack surfaces, making businesses increasingly vulnerable. Meanwhile attackers are constantly on the prowl, conducting reconnaissance to exploit weaknesses. Security teams lack visibility into their internet-facing exposures, leaving them vulnerable to potential breaches.

While external attack surface management (EASM) tools offer visibility, they often fall short in validation, resulting in lengthy lists of potential exposures for security teams to sift through. Traditional penetration testing can help validate vulnerabilities, but its point-in-time nature risks leaving critical exposures undetected for extended periods.

Introducing Vector Command

Vector Command is designed to address these challenges head-on, providing a continuous, proactive approach to securing your external attack surface by combining Rapid7’s trusted technology for external attack surface assessments with our world-class red team expertise. By providing an attacker’s perspective, Vector Command empowers security teams to visualize internet-facing assets, validate critical exposures, and take decisive action to mitigate risks.

Vector Command benefits include:

  • Increased visibility of the external attack surface with persistent, proactive reconnaissance of both known and unknown internet-facing assets
  • Improved prioritization with ongoing, expert-led red team operations to continuously validate your most critical external exposures
  • Same-day reporting of successful exploits with expert-vetted attack paths for multi-vector attack chains and a curated list of “attractive assets” that are likely to be exploited
  • Monthly expert consultation to confidently drive remediation efforts and resiliency planning

Rapid7 advantage: trusted technology and red team expertise

At the heart of Vector Command are our red team operators, among the best in the industry, bringing years of experience in simulating real-world attacks and identifying vulnerabilities that automated tools might miss. This, combined with our recently launched Command Platform’s external attack surface assessment capability, provides a unique and powerful solution to ensure that you are not just receiving a list of potential vulnerabilities, but actionable insights based on real-world attack scenarios.

External attack surface assessment: Powered by Rapid7’s Command Platform, Vector Command will leverage the external attack surface capability to perform ongoing, active reconnaissance and discovery of your external attack surface to help you:

  • Find the unknown and ensure continuous understanding of where shadow IT or unknown business assets may exist like exposed web services, remote admin services, and more
  • Zero in on potential remote access risks, and risky or unencrypted services

Red team expertise: Our expert operators leverage the latest tactics, techniques, and procedures (TTPs) to safely exploit the external exposures and test your security controls with red team exercises like:

  • Opportunistic phishing - Our experts will design and conduct phishing campaigns using the latest TTPs with focus on demonstrating the impact of credential capture and payload execution.
  • External network assessment - Ongoing assessment of vulnerabilities exposed in the external network, focused on obtaining access to your organization and its sensitive systems.
  • Post-compromise breach simulation - Upon breach, our experts will safely emulate the latest tactics to obtain command and control over the compromised system. Post-exploitation activities emulate adversary behavior to assess privilege escalation, lateral movement, and persistence.
  • Emergent threat validation - Assess your network perimeter’s susceptibility to the latest Rapid7 emergent threat vulnerabilities to validate patching and security configurations.

Take command of your attack surface defenses

In an era where cyber threats are constantly evolving, Vector Command empowers you to stay one step ahead of attackers. By providing continuous visibility, validation, and expert guidance, we help you transform your cybersecurity posture from reactive to proactive.

Don’t wait for a breach to expose weaknesses in your defenses. With Vector Command, you can command your attack surface with confidence, knowing that you have Rapid7’s trusted technology and Red Team expertise on your side.
