BHIS | How to Build a Phishing Engagement - Coding TTP's - Ralph May
HTML-код
- Опубликовано: 16 июл 2024
- Join us in the Black Hills InfoSec Discord server here: / discord to keep the security conversation going!
Learn hackerops with Ralph May from Antisyphon Training: www.antisyphontraining.com/ha...
Music By Beau: www.nobandwidth.io
00:00 - FEATURE PRESENTATION: How to Build a Phishing Engagement - Coding TTP’s
01:06 - About Ralph May
01:58 - Disclaimers
03:19 - Overview
03:56 - Phishing is Hard
06:33 - Infrastructure
07:12 - Operational Security
08:39 - Designing a Phish
13:18 - Phishing Emails
15:48 - 1st Tool: EVILGINX2
17:30 - EVILGINX IOC’s
18:20 - 2nd Tool: GoPhish
19:08 - GoPhish IOC’s
20:52 - 3rd Tool: NGINX
22:08 - 4th Tool: Digital Ocean Cloud Provider
22:33 - 5th Tool: Mailgun Email Service
23:17 - 6th Tool: CDN-Azure
23:57 - Coding a Phish - 1st Tool: Ansible
26:33 - 2nd Tool: Terraform
29:01 - 3rd Tool: Docker
30:49 - Combining Ansible and Terraform
32:41 - Ansible Secrets
34:32 - DEMO: Executing a Phishing Engagement
42:40 - What’s Next
44:03 - QnA
57:08 - [Post]Show Banter™ - Ohs and Ahs
Description: Building a phishing engagement is hard. While the concept is straightforward, real-world execution is tricky. Being successful takes enormous amounts of up-front setup and knowledge in quickly evolving phishing tactics.
In this Black Hills Information Security (BHIS) webcast, we’re going to do just that. We will take a top-down look at how a phishing engagement is designed. Then we will work through coding this design, so we don’t have to keep building a phish. Lastly, we will touch on how to fly under the radar and how coding TTP’s help save time and guarantee accuracy.
Slidess1hb.sharepoint.com/Content&C...
Black Hills Infosec Socials
Twitter: / bhinfosecurity
Mastodon: infosec.exchange/@blackhillsi...
LinkedIn: / antisyphon-training
Discord: / discord
Black Hills Infosec Shirts & Hoodies
spearphish-general-store.mysh...
Black Hills Infosec Services
Active SOC: www.blackhillsinfosec.com/ser...
Penetration Testing: www.blackhillsinfosec.com/ser...
Incident Response: www.blackhillsinfosec.com/ser...
Backdoors & Breaches - Incident Response Card Game
Backdoors & Breaches: www.backdoorsandbreaches.com/
Play B&B Online: play.backdoorsandbreaches.com/
Antisyphon Training
Pay What You Can: www.antisyphontraining.com/pa...
Live Training: www.antisyphontraining.com/co...
On Demand Training: www.antisyphontraining.com/on...
Educational Infosec Content
Black Hills Infosec Blogs: www.blackhillsinfosec.com/blog/
Wild West Hackin' Fest RUclips: / wildwesthackinfest
Active Countermeasures RUclips: / activecountermeasures
Antisyphon Training RUclips: / antisyphontraining
Join us at the annual information security conference in Deadwood, SD (in-person and virtually) - Wild West Hackin' Fest: wildwesthackinfest.com/
#bhis #infosec
This was great. Enjoyed this talk a lot. Thank you.
Hey Ralph, when will the blog be out ?
What are the plans on offering "Building C2 and Phishing RedTeam Infrastructure" course?
Where's the blog?
Is the blog post ready?
hello , very nice project, i am a pentensting student , please i would like to know where and how to setup azure api keys and azure cdn and connect it with this project , thank you