Posted In:Pentest Geek - Phishing Resources

standard

SSL Certificate from letsencrypt.org – Setup Guide

2016/05/31 | Posted In Phishing | No comments
Author: zeknox

I’m sure many of you have heard of the new free service from letsencrypt.org which essentially offers a valid SSL Certificate for everyone. The goal of the project is to run the entire internet over HTTPS without any excuses.

I’ve been using the service since early this year when they launched the beta, and I have to tell you that it is legit and something you really should be incorporating into your e-mail phishing process. Since we are going to provide professional phishing services for our clients, doing it over HTTPS and with a valid SSL Certificate is a must whenever we harvest sensitive info. Read More


standard

Phishing Frenzy: SSL Support on Rails 4 with Syntax Highlighting

2014/12/04 | Posted In Phishing | No comments
Author: zeknox

It’s been a little over a year since I started phishing full time with Phishing Frenzy and there is no looking back now. The project has really come a long way since I first started with it. I can’t thank the community enough for all the support and contributions along the way. Phishing today seems more enjoyable than ever before and I owe a lot of that gratification to Phishing Frenzy.

If you haven’t had a chance to checkout the project, I highly recommend you do and get involved. We are always seeking new templates to be added to our official gallery for the entire community to use, tweak and share.

Read More


standard

Phishing Frenzy: HTA PowerShell Attacks with BeEF

2014/07/22 | Posted In Phishing | Comments: 2
Author: zeknox

If you’re not currently using Phishing Frenzy, BeEF, or PowerSploit for your Phishing campaigns you’re really missing out. In this article we are briefly going to cover what I consider to be one of the “new hotness” attack vectors that every pentester should be using in their next phishing assessment.

With that said we are very pleased to announce that BeEF is now integrated in Phishing Frenzy. If you’re not familiar with BeEF or its capabilities I would highly recommend you check it out. BeEF is the browser exploitation framework and one of the major features is the ability to hook browsers and inject JavaScript into browser sessions.

With the recent addition of BeEF integration to Phishing Frenzy you can now hook and launch client side attacks easier than ever. With a simple click of the button Phishing Frenzy will instantly add JavaScript tags that BeEF requires. This means any target landing on your phishing page will instantly get hooked if JavaScript is enabled (which it usually is!).

Read More


standard

Phishing Frenzy: Increase Reporting Fu

2014/06/11 | Posted In Phishing | Comments: 2
Author: zeknox

The development and addition of new features within Phishing Frenzy (PF) continues to grow. Some of these latest upgrades and email phishing features come from a lot of feedback that I have obtained from the community. Thank you all for the great feedback regarding PF.

Recently PF was converted and upgraded to run the latest version of bootstrap. Previously PF was running bootstrap version 2 and was missing out on some of the latest bootstrap features. The conversion was fairly long and painful, but the end result is very pleasing.

Read More


standard

Phishing Frenzy: Installing the Monster

2013/12/30 | Posted In Phishing | Comments: 9
Author: zeknox

If you’ve been following along with us, you’ve noticed we recently released a new software tool for penetration testers called Phishing  Frenzy (PF). PF is a feature rich ruby on rails application that helps manage your email phishing campaigns from creation, customization, to execution.

Since the release of PF we have been making lots of changes to help enhance the software for easier management of your email phishing  campaigns. Some of the biggest changes you’ll notice when you checkout the latest version is a new layout built on bootstrap, a new shiny logo, and sending of emails in the background using sidekiq.

Read More


standard

Introducing Phishing Frenzy

2013/11/04 | Posted In Phishing | Comments: 7
Author: zeknox

A couple weeks ago I presented at this years Derbycon on an email phishing platform that I have been working on. The web application is geared towards penetration testers who want to help streamline the creation and management of email phishing campaigns. The application is written in ruby on rails and is available for download on the Github repository: Phishing Frenzy.

For those of you who came out to my presentation, I appreciate you all getting up so early (Saturday 9am) to hear my talk. Those of you who missed the talk I went over some of the features of Phishing Frenzy and launched a live phishing simulation. You can see the recording below thanks to irongeek. If your looking to see just the demo, fast forward to 11:52.

Read More


standard

Track User Clicks when Email Phishing

2013/03/26 | Posted In Phishing | Comments: 3
Author: zeknox

When performing email phishing engagements my clients often ask or want to know what users actually clicked on the phishing email. There are many ways to accomplish this task, but I’m going to discuss the method I use to track each unique visitor to my phishing website.

I prefaced this article in one of my previous blog posts “How do I phish” where I discuss using a ruby script I call sendmail.rb. There is nothing special or magical about the script, it just offers an alternative way to send phishing emails that will assist in tracking each unique visit to your phishing website. There is also value in knowing the CIO or some other C-level executive was just phished.

Read More


standard

How do I phish? – Advanced Email Phishing Tactics

2013/01/30 | Posted In Phishing | Comments: 19
Author: zeknox

I’m often times asked how I perform email email phishing attacks.  Email phishing attacks are very compelling, and unique to each situation. The process of creating a successful email phishing campaign is very methodical, and most of the time and effort goes up front into the planning phase.

Understanding that good security is a multilayer approach and we will have many layers of security that could potentially destroy our email phishing campaign. Some of these layers may include Email Gateway Spam Filters, Outlook ‘Junk Email’ Filters, Host based Antivirus, Intrusion Prevention Systems, Web Proxy Servers, Egress filtering, and the list goes on and on.

Read More


Subscribe To Pentest Geek

Follow Pentest Geek

twitterrssyoutubetwitterrssyoutube

Recent Posts

Penetration Testing

Categories

Metasploit

Archives

Web Application Hacking

css.php