back to top

Phishing – A Technical Course for Red Teaming

By Cori Macy
17268

It’s widely known that the weakest link in the security of any organization is the human. Penetration testers and red teamers are known for testing those organizations in a variety of ways to make sure weaknesses are found by you first before the bad guys do. The same goes for phishing!

Although phishing can be known as a non-technical attack and usually falls in the category of social engineering, a good red teamer knows there’s much more to it. Even most 3rd party phishing services can only go so far. This course shows you step-by-step how to create your own attack infrastructure AND numerous types of campaigns.

Price = $50

This is a “Name Your Price” course. Your options include:

  • Minimum Price = $10
  • Suggested Price = $50
  • Pay more to support our community efforts
Course Details & Purchase >

What do I get?

This course comes with a web-based virtual lab environment providing a Kali Linux machine and an Ubuntu server. You’ll setup the tools on your own and learn the following:

Module 1: Infrastructure Setup & Configuration

  • 1.1 Domain Registration / Configuration
  • 1.2 Email Infrastructure (SMTP, SPF, DKIM, DMARC)
  • 1.3 GoPhish Installation and Setup

Module 2: Recon & Enumeration

  • 2.1 Email Discovery / OSINT
  • 2.2 Breach Data and Identifying Portals

Module 3: Pretexts

  • 3.1 Pretexts and Themes
  • 3.2 Language, Formatting, and Signatures

Module 4: Credential Campaigns

  • 4.1 Portal Cloning
  • 4.2 Capturing Credentials and Session Tokens with Evilginx3

Module 5: Payload Campaigns

  • 5.1 Payload Generation
  • 5.2 Hosting, Delivery Methods, and Triggers

Module 6: Device Code Campaigns

  • 6.1 OAuth Device Code Flow Abuse & Token Capture
  • 6.2 Graphrunner and Custom Scripts

Module 7: Campaign Deployment & Metrics

  • 7.1 Continued GoPhish Usage / Custom Campaigns
  • 7.2 Tracking Interactions and Metrics
  • 7.3 Redirectors, Fingerprinting, and Logging

Module 8: Evasion, Persistence, and Post-Access

  • 8.1 Evasion Techniques
  • 8.2 Maintaining Persistence

Module 9: Cleanup, Reporting, and Review

  • 9.1 Tearing Down Infrastructure
  • 9.2 Extracting and Presenting Campaign Data
  • 9.3 Lessons Learned

Note: Subject to change before official release

Prerequisites for Phishing

No prior knowledge is assumed although basic networking, Linux and practice with VMs is recommended.

Course Details & Purchase >
Just Hacking Training (JHT) - Cori Macy

Cori Macy

Cori Macy (aka Corgi) helps manage the penetration testing team at LBMC, where she spends most of her time breaking things and ending meetings early when no one has anything to say. Outside of work, she organizes BSides Nashville and Nashville’s DEF CON group, both focused on building community and technical skills. She’s also shared security insights through podcasts, conference talks, YouTube videos, and BBC News.

Announcements

Exclusive provider of BSidesChicago's pro workshops from 4 JHT All-Stars. Early Bird ends Sept 7 & seats will go fast! ACT NOW to spend the day with:

💻 John Hammond - Script-Based Malware Analysis
💻 Mishaal Khan - Level Up OSINT
💻 Ellie Daw - Vibe Coding for Responsible Adults
💻 Trevor Stevado - Hardware Hacking 101 w/ Kit!

2 New Courses in Sept!

  • SOC 101 - a Name Your Price course of between $25- $50 WITH a virtual lab.
  • WMD 4 - A new Windows MalDev trilogy begins! Get 20% Off until the end of Sept.
Additional content in this category:
Course

Explore Ways to Learn

Just Hacking Training is part of JH LLC