Webinar Takeaway: How to Build a Phishing Engagement - Coding TTP´s

My key takeaways

Automation tools like Ansilble, terraform and docker can also create a evil environment eg for phishing

Don't put sensible tokens or passwords in ainsible config files but use a cloud password manager and pull the pass as variable into ainsible

Best of phishing themes: give away 2 iPhones or check a link out on dropbox

You can automate SPF and DKIM configuration through terraform

additional links

Ethical considerations in phishing tests: to inform employees or not?

TL;DR This article delves into the ethical considerations in phishing tests, highlighting the balance needed between conducting realistic simulations and maintaining fairness in cybersecurity training. This article explores the complexities of conducting phishing simulations in the workplace. Key takeaways include the importance of transparency in fostering a positive security culture, building trust through clear communication,

Webinar takeaway: Implement DMARC the Right Way to Keep Phishing Attacks Out of Your Inbox

My key takeaways DMARC uses SPF and/or DKIM In 2021 the National Defense Authorization Act says the Department of Homeland Security (DHS) must implement DMARC US wide there exists an RFC for "email from" SPF = receiving email server checks MAIL FROM address or the domain’s IP address in the HELO handshake against the sender’s

Jean-Christoph von Oertzen

Blog

Infosec glossary

Webinar Takeaway: How to Build a Phishing Engagement – Coding TTP´s

My key takeaways

Env

additional links

You may also like

Ethical considerations in phishing tests: to inform employees or not?

Webinar takeaway: Implement DMARC the Right Way to Keep Phishing Attacks Out of Your Inbox