7MS #384: Creating Kick-Butt Credential-Capturing Phishing Campaigns
7 Minute Security
English - October 12, 2019 04:09 - 50 minutes - 46.3 MB - ★★★★★ - 63 ratings
In this episode I talk about some things I learned about making your own kick-butt cred-capturing phishing campaign and how to do so on the (relatively) quick and (relatively) cheap! These tips include:
- Consider this list of top 9 phishing simulators.
- Check out GoPhish!
- Then spin up a free tier Kali AWS box
- Follow the instructions to install GoPhish and get it running on your AWS box
- Use the Expired Domains site to buy up a domain that is similar to your victim - maybe just one character off - but has been around a while and has a good reputation
- Add a G Suite or O365 email account (or whatever email service you prefer) to the new domain
- Create a convincing cred-capturing portal on GoPhish - I used some absolutely disgusting and embarrassing HTML like this (see show notes on 7ms.us):
- Use this awesome article to secure your fancy landing page with a LetsEncrypt cert!

Have fun!!!