Webinar Takeaway: How to Build a Phishing Engagement – Coding TTP´s

My key takeaways

• Automation tools like Ansilble, terraform and docker can also create a evil environment eg for phishing
• Don’t put sensible tokens or passwords in ainsible config files but use a cloud password manager and pull the pass as variable into ainsible
• Best of phishing themes: give away 2 iPhones or check a link out on dropbox
• You can automate SPF and DKIM configuration through terraform

Env

• Provided by BHIS
• Presenter: Ralph May

additional links

• https://github.com/ralphte/build_a_phish
• https://www.terraform.io/
• https://github.com/mailhog/MailHog
• https://github.com/beefproject/beef
• https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulator?view=o365-worldwide