Today's episode is brought to you by ITProTV. It’s never too late to start a new career in IT or move up the ladder, and ITProTV has you covered - from CompTIA and Cisco to EC-Council and VMWare. Get over 65 hours of IT training for free by visiting https://itpro.tv/7minute.

In this episode I talk about some things I learned about making your own kick-butt cred-capturing phishing campaign and how to do so on the (relatively) quick and (relatively) cheap! These tips include:

  • Consider this list of top 9 phishing simulators.
  • Check out GoPhish!
  • Then spin up a free tier Kali AWS box
  • Follow the instructions to install GoPhish and get it running on your AWS box
  • Use the Expired Domains site to buy up a domain that is similar to your victim - maybe just one character off - but has been around a while and has a good reputation
  • Add a G Suite or O365 email account (or whatever email service you prefer) to the new domain
  • Create a convincing cred-capturing portal on GoPhish - I used some absolutely disguisting and embarassing HTML like this:
<html><head><title>Your rad awesome eyeball cool phishing portal!</title>
<style>
body {
	background-image: url("https://YOURMALICIOUSDOMAIN/static/background.jpg");
        background-repeat:no-repeat;
       background-size:cover;
}
</style>
</head><body><br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<br/>
<center>
<table style="width:40%">
  <tbody><tr>
    <th><img src="https://YOURMALICIOUSDOMAIN/static/company-logo.png"/></th>
		<th><form action="" method="post" name="form">
		<p style="color:white;"><label>User Name:</label>   <input name="username" type="text"/>
		</p><p style="color:white;"><label>Password:</label>    <input name="password" type="password"/>
		<br/>
		<br/>
		<input type="submit" name="submit" value="Log On"/>
		</p></form>
	</th>
</tr>
</tbody></table>

<br/>
<br/>
<center>
<p style="color:white;"><b>Unauthorized use is prohibited!</b>
</p>
</center>
</body>
</html>