- Generate derivative domain names based off a given target using SingularOrPluralise, prependOrAppend, doubleExtensions, mirrorization, homoglyphs, dashOmission and punycode algorithms.
DATA: Credential Phish Analysis and Automation
- Performs screenshotting and analysis on suspect url(s) for interesting data.
- The go-to for building up SE campaigns.
- A very solid phishing platform actively developed and written in Go.
- A Python script to collect campaign data from GoPhish and generate a report.
- Awesome list for Social Engineering and Phishing.
- Site resources for reporting phishing attacks.
Knowbe4 Security Awareness Training
- Very up to date list of current spam/malware emails.
- University of Chicago.
[Bypassing Office365 Filters for Phishing]https://twitter.com/byt3bl33d3r/status/895333432401608704
- A twitter thread, and solid resource.
Practical waterholing through DNS typosquatting
- Another look into using typo's and punycode to misdirect.
Hacking The Human: SE Basics A series of essays on physical Social Engineering.
- Using Empire to generate payloads for phishing engagements.
Russian Hackers Are Using Google's Own Infrastructure to Hack Gmail Users
- Interesting read on using Google's AMP (Accelerated Mobile Pages) in phishing campaigns to buy trust.
Simulated Phishing Educational Campaign Guide
- Primarily a resource on how to use GoPhish, but a solid all around guide on the proper workflow of a phishing engagement (Google Docs).
Spam and Phishing in 2016 (Kaspersky)