7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.
https://7ms.us/
7MS #384: Creating Kick-Butt Credential-Capturing Phishing Campaigns
In this episode I talk about some things I learned about making your own kick-butt cred-capturing phishing campaign and how to do so on the (relatively) quick and (relatively) cheap! These tips include:
- Consider this list of top 9 phishing simulators.
- Check out GoPhish!
- Then spin up a free tier Kali AWS box
- Follow the instructions to install GoPhish and get it running on your AWS box
- Use the Expired Domains site to buy up a domain that is similar to your victim - maybe just one character off - but has been around a while and has a good reputation
- Add a G Suite or O365 email account (or whatever email service you prefer) to the new domain
- Create a convincing cred-capturing portal on GoPhish - I used some absolutely disguisting and embarassing HTML like this (see show notes on 7ms.us):
- Use this awesome article to secure your fancy landing page with a LetsEncrypt cert!
- Have fun!!!