It’s widely known that the weakest link in the security of any organization is the human. Penetration testers and red teamers are known for testing those organizations in a variety of ways to make sure weaknesses are found by you first before the bad guys do. The same goes for phishing!
Although phishing can be known as a non-technical attack and usually falls in the category of social engineering, a good red teamer knows there’s much more to it. Even most 3rd party phishing services can only go so far. This course shows you step-by-step how to create your own attack infrastructure AND numerous types of campaigns.
Price = $50
This is a “Name Your Price” course. Your options include:
- Minimum Price = $10
- Suggested Price = $50
- Pay more to support our community efforts
What do I get?
This course comes with a web-based virtual lab environment providing a Kali Linux machine and an Ubuntu server. You’ll setup the tools on your own and learn the following:
Module 1: Infrastructure Setup & Configuration
- 1.1 Domain Registration / Configuration
- 1.2 Email Infrastructure (SMTP, SPF, DKIM, DMARC)
- 1.3 GoPhish Installation and Setup
Module 2: Recon & Enumeration
- 2.1 Email Discovery / OSINT
- 2.2 Breach Data and Identifying Portals
Module 3: Pretexts
- 3.1 Pretexts and Themes
- 3.2 Language, Formatting, and Signatures
Module 4: Credential Campaigns
- 4.1 Portal Cloning
- 4.2 Capturing Credentials and Session Tokens with Evilginx3
Module 5: Payload Campaigns
- 5.1 Payload Generation
- 5.2 Hosting, Delivery Methods, and Triggers
Module 6: Device Code Campaigns
- 6.1 OAuth Device Code Flow Abuse & Token Capture
- 6.2 Graphrunner and Custom Scripts
Module 7: Campaign Deployment & Metrics
- 7.1 Continued GoPhish Usage / Custom Campaigns
- 7.2 Tracking Interactions and Metrics
- 7.3 Redirectors, Fingerprinting, and Logging
Module 8: Evasion, Persistence, and Post-Access
- 8.1 Evasion Techniques
- 8.2 Maintaining Persistence
Module 9: Cleanup, Reporting, and Review
- 9.1 Tearing Down Infrastructure
- 9.2 Extracting and Presenting Campaign Data
- 9.3 Lessons Learned
Note: Subject to change before official release
Prerequisites for Phishing
No prior knowledge is assumed although basic networking, Linux and practice with VMs is recommended.
