7MS #384: Creating Kick-Butt Credential-Capturing Phishing Campaigns

In this episode I talk about some things I learned about making your own kick-butt cred-capturing phishing campaign and how to do so on the (relatively) quick and (relatively) cheap! These tips include:

• Consider this list of top 9 phishing simulators.
• Check out GoPhish!
• Then spin up a free tier Kali AWS box
• Follow the instructions to install GoPhish and get it running on your AWS box
• Use the Expired Domains site to buy up a domain that is similar to your victim - maybe just one character off - but has been around a while and has a good reputation
• Add a G Suite or O365 email account (or whatever email service you prefer) to the new domain
• Create a convincing cred-capturing portal on GoPhish - I used some absolutely disguisting and embarassing HTML like this (see show notes on 7ms.us):
• Use this awesome article to secure your fancy landing page with a LetsEncrypt cert!
• Have fun!!!