Practical Phishing Campaigns

This specialized and comprehensive course is designed to provide an in-depth understanding of cybersecurity practices, with a focus on ethical hacking techniques to safeguard digital infrastructure. Through a series of detailed modules, participants will delve into modern security architectures, learn how to set up and manage phishing simulations using tools like GoPhish, bypass multi-factor authentication with Evilginx, and explore advanced phishing and vishing strategies. The curriculum also covers essential setup procedures for domain and email registration, configurations for AWS EC2 instances, and the use of SMS phishing (smishing) for security testing. Furthermore, the course emphasizes the importance of reporting, documentation, and ethical considerations in cybersecurity operations.

• Access to a computer with internet connectivity capable of running virtual machines for tool setup and simulations.
• Basic familiarity with command-line interfaces, networking concepts, and cybersecurity fundamentals is recommended for an optimal learning experience.

• Cybersecurity professionals seeking to enhance their skills in ethical hacking and digital defense strategies.
• IT personnel tasked with safeguarding organizational digital assets and interested in practical, hands-on approaches to cybersecurity.
• Individuals pursuing a career in cybersecurity, aiming to gain proficiency in contemporary ethical hacking tools and techniques.
• Security consultants looking to expand their toolkit with advanced phishing and social engineering strategies.

• The Perimeter – A Cat and Mouse Game
  • About Me
  • About the Course
  • An Important Announcement
  • Today’s Perimeter
  • Modern Security Architecture
  • Phishing Domains Advice
  • Multi-Factor Authentication Advice
  • Spam Filters Avoidance Advice
  • Whitelisting Advice
• Domain Registration
  • Domain Registrar Options
  • Amazon AWS Route 53 Setup
• Email Registration
  • Email Registrar Options
  • Mailgun Setup
• Gophish – Basic Phishing
  • Creating an AWS EC2 Instance
  • GoPhish Setup
  • Configuring Gophish as a System Service
  • Configuring TLS Certificates
  • Email Sending Profile Setup
  • Sending Our First Campaign
• Gophish – Hardening and Advanced Techniques
  • Hardening Our Server
  • Email Sender Hardening
  • Custom HTML for Emails
  • Custom HTML for Landing Pages
  • Forgot your Password? Do This
  • GoPhish Setup in a Nutshell
• Evilginx – MFA Bypass
  • Evilginx Setup
  • DNS Fixes
  • Running Evilginx
  • Setting Up Domains For Phishlets
  • Running a Custom Phishlet
  • Combining the Power of Gophish and Evilginx
  • Protecting Evilginx
  • Evilginx Setup in a Nutshell
• Evilgophish – SMS Phishing
  • Warning: Twillio Changes
  • Evilgophish Setup
  • Evilgophish Admin Setup
  • Evilgophish Evilginx Setup
  • Twillio Setup
  • Sending Our Smish
• Vishing Strategies
  • Vishing SMSing Advice
• Reporting, Documentation, and Cleaning Up
  • Tips for Defenders
  • Cleaning Up Our Domains
  • Gophish Event Logs
  • Reporting and Documentation
• Thank You!
  • Thanks!