Phishing Credential Harvesting and Beyond

Learn how to phish using payloads and credential harvesting with TFA interception.
Tags:
Categories:

Learn how to run successful phishing campaigns.

QR Code

Prerequisites

Introduction

Infrastructure

What isn't covered?

Lab Environment

Lab Environment: Rules of Engagement

Setup Operations Directory

OSINT

Mailhog

Gophish

Target Acquisition

Target Acquisition: Git

Basic Credential Harvesting

State Review I

Implant Setup With Sliver

Sliver: Generating an implant

Basic Implant Delivery

State Review II

Modlishka

Setup MFA Authentication Provider

Reconfigure Modlishka With MFA Authentication Provider

Test Modlishka MFA Bypass

Not So Basic Credential Harvesting

Email Filtering Bypass

Modlishka Terminate to Implant Download

Better Payload Generation

Bot Detection

Traefik Reverse Proxy

Wrap up

Last modified August 28, 2024: fix messed up copy over (bd9a3a7)