From a purely white hat perspective, please. Are there any good guides about how to perform a phishing campaign against a target? What is the best way to learn about this?
I’m particularly interested in spearphishing and whaling. Both the technical aspects (bypassing spam filters, etc) and psychological (getting targets to click the links).
Well, I would recommend checking out “Social Engineering: The Art of Human Hacking”. Bypassing spam filters, AV and other defenses is a completely different category; you might want to research malware development or check out MITRE so you can get familiar with what APTs use to achieve that goal. That would be the technical aspect. The psychological side will take some practice; you should be a people person for this. A great example I can give you is an APT that used the situation of COVID-19 and the COVID-19 vaccines to get people to click on their links. Look at the news: what is trending, and how can you get people’s attention? Is it a celebrity? A situation? An event? That’s where you will need to understand OSINT to gather as much information as needed about your target. Hope this has helped.
What may seem too easy, but is actually a very good way to start an attack, is simply visiting a target’s website. You would be surprised how, still in 2021, many companies list executive staff information on their company site. You could potentially find the names, numbers/extensions, and if you are super lucky the email addresses of the CEO, CFO, etc.
I’m currently developing a red-on-blue team testing ground for my coworkers. The virtualized setup uses GoPhish, Mythic, Kali, Apache, VyOS, Debian BIND9 and pfSense. I’ll update you when I’m completely done with it.
The main idea behind the lab is focused on phishing but there are other acceptable uses as well.
You could use GMail forwarders, but that almost defeats the purpose. I read once that most spam filtering is represented by a trustworthiness value. In the same light as GMail, we can use the same concept, called domain fronting, with highly trustworthy companies like Amazon / Microsoft who give you their domains to borrow. Here’s an example