Phishing – A Technical Course for Red Teaming

By Cori Macy
21726

It’s widely known that the weakest link in the security of any organization is the human. Penetration testers and red teamers are known for testing those organizations in a variety of ways to make sure weaknesses are found by you first before the bad guys do. The same goes for phishing!

Although phishing can be known as a non-technical attack and usually falls in the category of social engineering, a good red teamer knows there’s much more to it. Even most 3rd party phishing services can only go so far. This course shows you step-by-step how to create your own attack infrastructure AND numerous types of campaigns.

Price = $50

This is a “Name Your Price” course. Your options include:

  • Minimum Price = $10
  • Suggested Price = $50
  • Pay more to support our community efforts
Course Details & Purchase >

What do I get?

This course comes with a web-based virtual lab environment providing a Kali Linux machine and an Ubuntu server. You’ll setup the tools on your own and learn the following:

Module 1: Infrastructure Setup & Configuration

  • 1.1 Domain Registration / Configuration
  • 1.2 Email Infrastructure (SMTP, SPF, DKIM, DMARC)
  • 1.3 GoPhish Installation and Setup

Module 2: Recon & Enumeration

  • 2.1 Email Discovery / OSINT
  • 2.2 Breach Data and Identifying Portals

Module 3: Pretexts

  • 3.1 Pretexts and Themes
  • 3.2 Language, Formatting, and Signatures

Module 4: Credential Campaigns

  • 4.1 Portal Cloning
  • 4.2 Capturing Credentials and Session Tokens with Evilginx3

Module 5: Payload Campaigns

  • 5.1 Payload Generation
  • 5.2 Hosting, Delivery Methods, and Triggers

Module 6: Device Code Campaigns

  • 6.1 OAuth Device Code Flow Abuse & Token Capture
  • 6.2 Graphrunner and Custom Scripts

Module 7: Campaign Deployment & Metrics

  • 7.1 Continued GoPhish Usage / Custom Campaigns
  • 7.2 Tracking Interactions and Metrics
  • 7.3 Redirectors, Fingerprinting, and Logging

Module 8: Evasion, Persistence, and Post-Access

  • 8.1 Evasion Techniques
  • 8.2 Maintaining Persistence

Module 9: Cleanup, Reporting, and Review

  • 9.1 Tearing Down Infrastructure
  • 9.2 Extracting and Presenting Campaign Data
  • 9.3 Lessons Learned

Note: Subject to change before official release

Prerequisites for Phishing

No prior knowledge is assumed although basic networking, Linux and practice with VMs is recommended.

Course Details & Purchase >
Just Hacking Training (JHT) - Cori Macy

Cori Macy

Cori Macy (aka Corgi) helps manage the penetration testing team at LBMC, where she spends most of her time breaking things and ending meetings early when no one has anything to say. Outside of work, she organizes BSides Nashville and Nashville’s DEF CON group, both focused on building community and technical skills. She’s also shared security insights through podcasts, conference talks, YouTube videos, and BBC News.
Just Hacking Training (JHT) Logo
Affordable Hands-On Cybersecurity Training from Co-Founder John Hammond & 30+ All-Stars
Browse Entire CatalogBrowse Entire Catalog

Hardware Hacking 101 Is Here!

20% Off Launch Discount All Month
HH101 with Custom Kit only $280!

Say Hi in SF!

Play our 2 new Extended Upskill Challenges with VMs in the IoT Village at both BSidesSF and RSAC. Or Free NOW on JHT!

Recent Releases

- Courses: WMD 5, SIEMless Threat Hunting, Ransomware Analysis
- Bundles: 25% Off Dark Web 1 & 2,
50% Off 7 CTFs, 75% Off 7 HALs
- Free UCs: Proxmox, Metasploit, UCx - QEMU, UCx - mitmproxy, Maritime Cybersecurity, APIs in PowerShell 7, Nessus
- Blogs: Brief History of ConDef EcosystemConDef MCP – Meet Your AI Teaching Asst, Blue Team Training Roadmap

Start Windows Malware Dev

WMD 1 = $40
WMD Intro Path (1-3) = 46% Off

 

Top Picks

The Mishaal Bundle, ConDef 2026, API Hacking, Phishing, SOC Analyst 101

Courses In Production

WMD 6, Jr WebApp Pentester, Jr Network Pentest, OS Hardening...

Explore Ways to Learn