In this episode I talk about some things I learned about making
your own kick-butt cred-capturing phishing campaign and
how to do so on the (relatively) quick and (relatively) cheap!
These tips include:
Follow the instructions to
install GoPhish and get it running on your AWS box
Use the Expired Domains
site to buy up a domain that is similar to your victim - maybe just
one character off - but has been around a while and has a good
reputation
Add a G Suite or O365 email account (or whatever email service
you prefer) to the new domain
Create a convincing cred-capturing portal on GoPhish - I used
some absolutely disguisting and embarassing HTML like this (see
show notes on 7ms.us):
Use this awesome
article to secure your fancy landing page with a LetsEncrypt
cert!
Have fun!!!
About the Podcast
7 Minute Security is a weekly information security podcast focusing on penetration testing, blue teaming and building a career in security. The podcast also features in-depth interviews with industry leaders who share their insights, tools, tips and tricks for being a successful security engineer.