Phishing is a common attack characterized by simplicity and effectiveness; phishing emails are used to drop malware, cryptolocker, steal credentials… and they are successfull just because Dave. I suggest reading this page to understand “the existing forms of phishing attacks and the currently available mitigations“.

Companies – hopefully – train their employees with internal phishing campaigns; in this post I show how we can build a simple office document that – once opened – sends information to an external server. We can use the document – along with Gophish or other tools – to build our own phishing campaign and test our organization exposure to phishing, teaching people and rising awareness.

Continue reading “Make your own phishing campaign using office macro and Powershell as simple dropper” →