Phishing
To Study [BHIS - Getting Access]
Performing reconnaissance to support each attack.
Setting up their own “botnet” with ProxyCannon to spread traffic across multiple source IP addresses.
Executing password guessing attacks such as credential stuffing and password spraying.
Phishing for credentials and sessions to bypass multi-factor authentication.
Setting up and using Azure Information Protection (AIP) to deliver encrypted phishing emails.
Creating “MalDocs”—Microsoft Office documents with embedded executable payloads.
Delivering executable payloads during a phishing campaign.
Articles:
Tools
Modlishka
SET
ReelPhish
PwnAuth
CredSniper
PhishingPretexts
Metrics
Who fell for the Phish?
Who reported the Phish?
OSINT
SPAM Traps
Spoofing Prevention Mechanism: MS Exchange
Factors affecting SPAM traps:
Domain's age
Links pointing to IP addresses
Link manipulation techniques
Suspicious attachments
Broken email content
Values that differ from those in the mail headers
Existence of SSL certificate
Submission of page to web content filtering sites
Circumventing Defenses:
Check if the target domain has SPF, DMARC, and DKIM records configured.
Send a mail to non-existent user from target's domain and analyze the non-delivery notice message headers for critical information.
If spoofing is not an option, register a legitimate domain and set up DNS records.
Phishing with Google Domain
Fingerprinting
Fingerprint2
File Transfer
File.io
Transfer.sh
Firefox Send (encrypted)
JustBeamIt.com
Payload Generation
Banana
Scarecrows
Send e-mail to no-reply@domain.com with Target in Cc
Linux Trape
Useful for web hooks
Get IP Geolocation
Mail Template
Gophish
Grab the email source code from "View original" within Gmail.
Import into Gophish and clean up the template.
Replace all URLs.
Sample Pretexts
Sending HTML Emails in Gmail
Youtube Link
Sending Attachments
Host on Mixmatch
Includes trackers as well
Abusing MSOffice For Post Exploitation
Reference: Kyle Avery