Skip to content

Phishing.md

Latest commit

 

History

History
129 lines (81 loc) · 3.48 KB

Phishing.md

File metadata and controls

129 lines (81 loc) · 3.48 KB

Phishing - Medium

  1. Intro
  2. Writing Convincing Phishing Emails
  3. Phishing Infrastructure
  4. Using GoPhish
  5. Droppers
  6. Choosing a Phishing Domain
  7. Using MS Office in Phishing
  8. Using Browser Exploits
  9. Phishing Practical

Intro

  • Social engineering - psychological manipulation of people into giving info by exploiting weaknesses in human nature.

  • Phishing - social engineering delivered through mail.

  • Spear-phishing - phishing a single entity.

  • Smishing - phishing through SMS messages.

  • Vishing - phishing through phone calls.

1. What type of psychological manipulation is phishing part of? - Social engineering

2. What type of phishing campaigns do red teams get involved in? - Spear-phishing

Writing Convincing Phishing Emails

  • Sender's address - domain name that spoofs a significant brand, a known contact or a coworker.

  • Subject - something urgent, worrying or interesting.

  • Content - learn and research standard email templates and branding of the entity who is being impersonated.

1. What tactic can be used to find brands or people a victim interacts with? - OSINT

2. What should be changed on an HTML anchor tag to disguise a link? - Anchor text

Phishing Infrastructure

  • Infrastructure required for phishing campaign:

    • Domain name
    • SSL/TLS certificates
    • Email server/account
    • DNS records
    • Web server
    • Analytics

  • Automation tools for infrastructure:

    • GoPhish
    • Social Engineering Toolkit
1. What part of a red team infrastructure can make a website look more authentic? - SSL/TLS certificates

2. What protocol has TXT records that can improve email deliverability? - DNS

3. What tool can automate a phishing campaign and include analytics? - GoPhish

Using GoPhish

  • Sending profiles - connection details required to send phishing emails.

  • Landing page - website that the phishing email is going to direct the victim to.

  • Email Templates - design & content of email to be sent to victim.

  • Users & Groups - store email addresses of intended targets.

1. What is the password for Brian? - p4$$w0rd!

Droppers

  • Droppers - software that phishing victims tend to be tricked into downloading and running on their system; droppers are not malicious, they aid in unpacking or downloading malware.
1. Do droppers tend to be malicious? - nay

Choosing a Phishing Domain

  • Methods for choosing a phishing domain name:

    • Expired domains

    • Typosquatting

    • TLD alternatives

    • IDN homograph attack (script spoofing)

1. What is better, using an expired or new domain? - old

2. What is the term used to describe registering a similar domain name with a spelling error? - Typosquatting

Using MS Office in Phishing

  • MS Office documents with macros can be included as attachments; this can aid in installing malware.
1. What can Microsoft Office documents contain, which, when executed can run computer commands? - Macros

Using Browser Exploits

  • Browser exploits can be used in gaining control over a victim's computer.
1. Which recent CVE caused remote code execution? - CVE-2021-40444

Phishing Practical

1. What is the flag from the challenge? - THM{I_CAUGHT_ALL_THE_PHISH}