4. The Attack Plan


Everybody, so in this video, we're going to go over the full attack plan that we're going to be learning and implementing in this course.

So the first part of this is getting a hold of our phishing email and our domain.

So we'll be building a custom phishing email, which we're going over in a future video. Then we're going to grab a custom domain based on recently expired ones.

We'll go over the reason why that is.

And something that's not blacklisted.

We'll also make sure we have a custom email for that domain and verify the email server's reputation so that we don't have any problems in the future.

There will be videos on each of those topics specifically.

And we will also configure DNS to make sure our domain and emails are working accurately for our phishing infrastructure.

Finally, our next step here is we're going to build a custom S3 bucket for our compromised data.

In terms of persistence, we want to make sure that everything can be carried over to the next test or saved off for some other reason.

So that way, we can burn down our infrastructure, bring it back up and never have to worry about whether or not we lost the token or the user's username or the password or any auditing trail around it.

We'll also ensure the security of our S3 bucket, so only our EC2 instances can touch the S3 and the data that it contains.

To actually complete this persistence in S3, we'll be creating a custom Python script to hook into Evilginx2 and push everything to our S3 bucket in the correct format.

Again, you haven't heard of Evilginx2 yet, at least not in this course, but we'll have a whole video on what that is and how critical it is to this infrastructure.

So we're going to take Evilginx2.

Again, we'll talk about that later.

Essentially, that's the proxy engine that allows us to do the phishing that we're doing, and we're going to build it out in an EC2 instance based on a snapshot.

That way, we can scale up and scale down for as many as we need, and it's ready to go.

We never have to reconfigure the whole thing from start to finish, and it will also use Let's Encrypt to automatically enable Evilginx2 to get an SSL certificate, so everything looks completely clean.

Similar to Evilginx2, GoPhish actually is the one sending out the emails via the email server.

So we're going to create a brand new EC2 instance for that snapshot.

So it's scalable for us and ready to go, and we can ensure that we can burn this down after everything is done or if it gets compromised.

When I'm talking about compromise in this sense, I'm not talking about somebody having access to the machine.

But let's say the DFIR team or the SOC team for the enterprise has found out which machine it's coming from and they start blocking it.

That's what I mean by that.

And then we can burn it down and bring it back up.

And the same thing goes for our EC2 instance for Evilginx2.

So our full attack path really comes out as follows.

We're going to research our domain and our phishing email: what type we want to do, scare tactic or not, what it's going to include, how to format it, things like that.

We're going to go ahead and get our domain and email configured.

Now, these will all be videos in and of themselves. We then build our S3 bucket and then build our Evilginx2 snapshot and configure it.

Same thing with our GoPhish.

And then we're going to launch our GoPhish and compromise a test user.

Then, as we compromise the user, we'll be abusing 2FA.

With Evilginx2 specifically, we'll be able to steal the user's session, as well as their username and password, and then log in as them in either respect.

And the important piece here is that when Evilginx2 abuses 2FA, it allows us to get the session.

So since we have the session, we don't have to worry about 2FA any longer.

The only thing we're going to worry about at that point is how long the session stays active, or if somebody, whether the user or a backend administrator, actually destroys the session.

So the important part here about Evilginx2 abusing 2FA is that we can steal the user's session, not just their username and password, because if we stole the username and password alone and tried to log in, it would still prompt for 2FA.

We don't want that.

That can trigger something with the user.

It might look like it's a duplicate and sometimes they might accept it, but you don't want to rely on that.

So because of that, we're able to steal the session, which allows us to log in as the user.

At that point, we only have two things to worry about: the user logging out and/or the administrator logging the user out, and the time in which the session is allowed to live, whether it's based on inactivity or whether there's just a set time for it to expire at the end.

So that's going to be our full attack, and we'll be breaking down each one of these into their own video. So we'll be going step by step on how to build all of this from scratch.

And our next video, before we start getting into the good stuff, is about how human psychology works with phishing, because that's going to be a critical piece to being able to build your phishing campaigns correctly.

What style do you use, whether it's spear phishing, mass phishing, things like that, when each is applicable, and how do you break through that inherent trust?
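The lecture says the loot bucket should be reachable only from the campaign's EC2 instances. Below is an added example of an S3 bucket policy that does that; it is not the course's own configuration. The account ID `111122223333`, the bucket name `example-phish-loot-bucket`, the instance-profile role `phish-infra-ec2-role` (the role attached to the Evilginx2 and GoPhish instances) and the break-glass role `infra-admin-role` are all placeholders you must replace. The first statement grants the instance role read/write; the second denies every other principal, with the admin role exempted so you cannot lock yourself out of your own bucket; the third refuses any request that is not over TLS.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowCampaignInstanceRole",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::111122223333:role/phish-infra-ec2-role"
      },
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::example-phish-loot-bucket",
        "arn:aws:s3:::example-phish-loot-bucket/*"
      ]
    },
    {
      "Sid": "DenyEveryoneExceptInstanceAndAdminRoles",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::example-phish-loot-bucket",
        "arn:aws:s3:::example-phish-loot-bucket/*"
      ],
      "Condition": {
        "StringNotEquals": {
          "aws:PrincipalArn": [
            "arn:aws:iam::111122223333:role/phish-infra-ec2-role",
            "arn:aws:iam::111122223333:role/infra-admin-role"
          ]
        }
      }
    },
    {
      "Sid": "DenyInsecureTransport",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:*",
      "Resource": [
        "arn:aws:s3:::example-phish-loot-bucket",
        "arn:aws:s3:::example-phish-loot-bucket/*"
      ],
      "Condition": {
        "Bool": {
          "aws:SecureTransport": "false"
        }
      }
    }
  ]
}
```

For an EC2 instance using an instance profile, `aws:PrincipalArn` evaluates to the role ARN rather than the temporary session ARN, which is why the condition matches the role. The explicit `Deny` wins over any allow granted elsewhere in the account, so any IAM user or role you forget to list here is cut off; keep the admin exemption and also turn on the bucket's Block Public Access settings, since a bucket policy alone does not stop a later ACL or policy change from exposing the captured credentials and session tokens.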
