back to top

Phishing – A Technical Course for Red Teaming

By Cori Macy
6353

“Phishing” Casts Off July 1!

It’s widely known that the weakest link in the security of any organization is the human. Penetration testers and red teamers are known for testing those organizations in a variety of ways to make sure weaknesses are found by you first before the bad guys do. The same goes for phishing!

Although phishing can be known as a non-technical attack and usually falls in the category of social engineering, a good red teamer knows there’s much more to it. Even most 3rd party phishing services can only go so far. This course shows you step-by-step how to create your own attack infrastructure AND numerous types of campaigns.

Pre-Release Contest Live NOW!

Purchase “Phishing” during the month of June before the official release on July 1, and you’ll be automatically entered into a random drawing where 3 lucky students will win one of the following:

  1. Constructing Defense 2025 ($500 value)
  2. The Mishaal Bundle ($460 value)
  3. John Hammond’s Dark Web and Cybercrime Investigations Course ($125 value)

Yes… that’s over $1000 in prizes for a course costing only $10 – $50!

Price = $50

This is a “Name Your Price” course. Your options include:

  • Minimum Price = $10
  • Suggested Price = $50
  • Pay more to support our community efforts
Course Details & Purchase >

What do I get?

This course comes with a web-based virtual lab environment providing a Kali Linux machine and an Ubuntu server. You’ll setup the tools on your own and learn the following:

Module 1: Infrastructure Setup & Configuration

  • 1.1 Domain Registration / Configuration
  • 1.2 Email Infrastructure (SMTP, SPF, DKIM, DMARC)
  • 1.3 GoPhish Installation and Setup

Module 2: Recon & Enumeration

  • 2.1 Email Discovery / OSINT
  • 2.2 Breach Data and Identifying Portals

Module 3: Pretexts

  • 3.1 Pretexts and Themes
  • 3.2 Language, Formatting, and Signatures

Module 4: Credential Campaigns

  • 4.1 Portal Cloning
  • 4.2 Capturing Credentials and Session Tokens with Evilginx3

Module 5: Payload Campaigns

  • 5.1 Payload Generation
  • 5.2 Hosting, Delivery Methods, and Triggers

Module 6: Device Code Campaigns

  • 6.1 OAuth Device Code Flow Abuse & Token Capture
  • 6.2 Graphrunner and Custom Scripts

Module 7: Campaign Deployment & Metrics

  • 7.1 Continued GoPhish Usage / Custom Campaigns
  • 7.2 Tracking Interactions and Metrics
  • 7.3 Redirectors, Fingerprinting, and Logging

Module 8: Evasion, Persistence, and Post-Access

  • 8.1 Evasion Techniques
  • 8.2 Maintaining Persistence

Module 9: Cleanup, Reporting, and Review

  • 9.1 Tearing Down Infrastructure
  • 9.2 Extracting and Presenting Campaign Data
  • 9.3 Lessons Learned

Note: Subject to change before official release

Prerequisites for Phishing

No prior knowledge is assumed although basic networking, Linux and practice with VMs is recommended.

Course Details & Purchase >
Just Hacking Training (JHT) - Cori Macy

Cori Macy

Cori Macy (aka Corgi) helps manage the penetration testing team at LBMC, where she spends most of her time breaking things and ending meetings early when no one has anything to say. Outside of work, she organizes BSides Nashville and Nashville’s DEF CON group, both focused on building community and technical skills. She’s also shared security insights through podcasts, conference talks, YouTube videos, and BBC News.

Announcements

Get Mishaal's OpSec Course FREE!

In honor of Father's Day, Mishaal lowered the minimum price of OpSec to $0 for everyone until June 20th!

Win JHT Training!

Buy Cori Macy's "Phishing: A Technical Course for Red Teaming" before the July 1 release for a chance to win!

Yes... $1000+ in prizes for a "Name Your Price"
course costing only $10 – $50!

June Course Launch

ConDef Lite, the DIY Lab Version of ConDef 2025
Only $120 until June 30

Additional content in this category:
Coming SoonCourse

Explore Ways to Learn

Just Hacking Training is part of JH LLC