Phishing

• GoPhish
  • Open-source phish framework
• SingleFile
  • Clone a webpage, save as HTML
• wifiphisher
  • Rogue access point
• LinkedInt
  • LinkedIn recon
• hunter.io
  • Find professional email addresses
• nexphisher
  • Phishing via CLI
• Expired Domains
  • Handy for getting past reputation-based web filters
  • Also see: urlscan.io
• Follina
  • MSProtocol URI abuse
• malicious-pdf
  • Generate malicious PDFs
• Right-to-Left Override (RTLO)
  • Obfuscation technique to hide the true extension of a file
  • For example, take the filename filefdp.exe. Let's insert the RTLO unicode so we get file[]fdp.exe - now it'll render as fileexe.pdf
• BITB Attack Templates
  • Pretend you're one of those SSO popup windows
• filesec.io
  • File extensions that could be used in attacks
• evilnginx2
  • MITM proxy/framework
• murarena
  • Reverse proxy meant for automating phishing + post activities
• Mailgun
  • Email service with an API

Resources

• Long Live DMARC - Email Spoof issues
  • Lots of other interesting-looking pages as well
• SentinelOne: Malicious PDF Techniques
• SentinelOne: Paypal Phishing Scam Analysis
• Why BitB Attacks are Concerning
• MS Teams Attachment Spoofing
• Abusing the MS Office protocol scheme
• Phishing With Chromium's Application Mode
• PNG Steganography