Phishing Guides for Pentesters?

From a purely white hat perspective, please. Are there any good guides about how to perform a phishing campaign against a target? What is the best way to learn about this?

I’m particularly interested in spearphishing and whaling. Both the technical aspects (bypassing spam filters, etc) and psychological (getting targets to click the links).



Well, I would recommend checking out “Social Engineering: The Art of Human Hacking”. Bypassing spam filters, AV and the like is a completely different category; you might want to research malware development or check out MITRE so you can get familiar with what APTs use to achieve that goal. Those would be the technical aspects. The psychological side will take some practice; you should be a people person for this. A great example I can give you is an APT that used the situation of COVID-19 and the COVID-19 vaccines to get people to click on their links. Look at the news: what is trending, how can you get people's attention? Is it a celebrity? A situation? An event? That's where you will need to understand OSINT to gather as much information as needed from your target. Hope this has helped.


From today:

New link: PancakesCon 2 - Mishaal Khan - Phishing with Caricatures by Mishaal Khan - YouTube


Can I get access to this video?

I have attached the new link to the original comment.

Thank you, this is very educative.

cool video, thanks for the link

Thank you for sharing the links with us. This is very helpful!

I recommend a book by Christopher Hadnagy, Social Engineering: The Science of Human Hacking.

It really puts you in the mindset of a hacker and gives tons of practical examples.