awesome-phishing

Collection of useful resources for red teamers, pentesters, security reseachers and anyone interested in technical and non-technical aspects of phishing and related topics. Further information on Phishiverse.com.

Idea, concept and some resources from Awesome Red Teaming.

Feel free to contribute any resources that might help to improve this list.

Table of contents

• Email security

• OSINT for phishers

• Phishing infrastructure

• Payloads and filter evasion

• Tools and frameworks

• Books and ebooks

• Campaign write-ups

• Phishing prevention and detection

• Phishing-related scientific research

• Miscellaneous

↑ Email security

Encryption standards

• SSL vs TLS vs STARTTLS
• Two-Factor Authentication for Beginners
• How to encrypt email (Gmail, Outlook iOS, OSX, Android, Webmail)

Email authentication

• Part 3: How to Set up SPF and DKIM with Postfix on Ubuntu Server
• How to Set Up DKIM in 3 Simple Steps
• What is SPF & DKIM? And Why You Want to Have It Set Up (Updated)
• Authenticated Received Chain Overview
• The "iprev" Authentication Method
• How To Set Up Your Author Domain Signing Practices (HISTORIC)

Filtering techniques

• Spamtrap 101: What they Are, Why You Hit Them, & What to Do About It
• Classify emails into ham and spam using Naive Bayes Classifier
• Filtering Spam Using Naive Bayes
• Using SpamAssassin
• Sieve Tutorial
• The CRM114 & Mailfilter HOWTO
• fdm/MANUAL
• Nolisting: Poor Man's Greylisting
• Setting up an email honeypot spamtrap, malware, malspam trap.
• How to Add Antivirus and Spam Protection to Postfix Mail Server with ClamAV and SpamAssassin – Part 3
• Email Greylisting. How does greylisting work?
• DNSBL (DNS Black List)

↑ OSINT for phishers

• OSINT: How to find information on anyone
• Use buscador osint vm for conducting online investigations
• Using PGP Keys For OSINT
• Open-Source Intelligence (OSINT) Reconnaissance
• A Guide to Open Source Intelligence Gathering (OSINT)
• OSINT Resources for 2019
• Compilation of recon workflows

↑ Phishing infrastructure

• Going phishing with terraform
• Building resilient phishing campaign infrastructure
• Practical Phishing with Gophish
• Strengthen Your Phishing with Apache mod_rewrite and Mobile User Redirection
• Invalid URI Redirection with Apache mod_rewrite
• Expire Phishing Links with Apache RewriteMap
• Operating System Based Redirection with Apache mod_rewrite
• Combatting Incident Responders with Apache mod_rewrite
• Serving Random Payloads with NGINX
• Curi0usJack .htaccess
• Red Team Infrastructure Wiki
• Complete guide creating and hosting phishing page for beginners
• Automating gophish releases
• Mail Server Setup
• Safe red team infrastructure
• Automated red team infrastructure deployment with terraform - part 1
• Automated red team infrastructure deployment with terraform - part 2
• Infrastructure for ongoing red team operations
• Latest Trends in Cybersquatting
• Phishing with Unicode Domains
• Help spear phishing
• Phishing with Cobaltstrike
• Spear Phishing 101

↑ Payloads and filter evasion

• Evilginx - Advanced Phishing with Two-factor Authentication Bypass
• Evilginx 2 - Next Generation of Phishing 2FA Tokens
• Simulated Phishing Educational Campaign Guide
• Conducting USB Drop Tests With GoPhish
• Luckystrike a database backed evil macro generator
• Powershell empire stagers 1 phishing with an office macro and evading avs
• Executing metasploit empire payloads from ms office documemt properties part 1 of 2
• Executing metasploit empire payloads from ms office documemt properties part 2 of 2
• Phishing against protected view
• Phishing with powerpoint
• Phishing with empire
• Abusing microsoft word features phishing subdoc
• Phishing against protected view
• csv injection
• Excel macros with powershell
• Powerpoint and custom actions
• Macroless malware that avoids detection with yara rule)
• Hacking into whatsapp series part 2 phishing
• Macro-less code exec in msword
• Multi-platform macro phishing payload
• Whats the go to phishing technique or exploit
• MetaPhish: PDF Infection, Web SpearPhishing, TOR abuse & communications
• Microsoft office ntlm hashes via frameset
• Phishing Actor Using XOR Obfuscation Graduates to Enterprise Cloud Storage on AWS

↑ Tools and frameworks

OSINT tools

• Kali tools list
• OSINT framework
• Whois
• HaveIBeenPwnd
• Creepy
• Maltego
• Shodan
• Censys
• TheHarvester
• Recon-ng
• TinEye
• SearX

Phishing campaign tools

• Evilginx2
• GoReport
• Phishbuckets
• Lure
• Social Engineering Toolkit
• King Phisher
• FiercePhish
• ReelPhish
• Fishing Cat Server
• GoPhish
• LUCY
• CredSniper
• PwnAuth
• sptoolkit
• SpearPhisher
• Wifiphisher
• Ares
• Phishing-frenzy
• SPF
• Phishing pretexts
• Mercure
• Metasploit
• Cobalt strike
• PoT - Phishing On Twitter
• Domain Hunter
• BlackEye
• SocialFish

Payload tools

• The Browser Exploitation Framework
• LuckyStrike
• Shellter
• msfvenom
• The Backdoor Factory
• Veil framework

↑ Books and ebooks

• Phishing Dark Waters: The Offensive and Defensive Sides of Malicious Emails
• Phishing for Phools: The Economics of Manipulation and Deception
• Scam Me If You Can: Simple Strategies to Outsmart Today's Rip-off Artists
• Phishing: Detection, Analysis And Prevention
• Social Engineering: The Science of Human Hacking
• Don't Step in the Trap: How to Recognize and Avoid Email Phishing Scams
• Asset Attack Vectors: Building Effective Vulnerability Management Strategies to Protect Organizations
• Cyberpsychology: The Study of Individuals, Society and Digital Technologies
• Stealing Your Life: The Ultimate Identity Theft Prevention Plan
• Open Source Intelligence Techniques: Resources for Searching and Analyzing Online Information
• Swiped: How to Protect Yourself in a World Full of Scammers, Phishers, and Identity Thieves
• Spam Nation: The Inside Story of Organized Cybercrime - from Global Epidemic to Your Front Door

↑ Campaign write-ups

• Darknet diaries: The hack
• YouTube Impersonation Scams Offering Fake Rewards are Running Wild
• Tainted Leaks: Disinformation and Phishing With a Russian Nexus
• Nile Phish: Large-Scale Phishing Campaign Targeting Egyptian Civil Society
• Exposing One of China’s Cyber Espionage Units
• Grizzly Steppe - Russian Malicious Cyber Activity
• Analysing a massive Office 365 phishing campaign
• Gmail Phishing Campaign Racking Up Victims
• Spying on a Budget: Inside a Phishing Operation with Targets in the Tibetan Community
• An OSINT Analysis of the Elon Musk Bitcoin Scam
• Reckless Redux: Senior Mexican Legislators and Politicians Targeted with NSO Spyware
• Reckless Exploit: Mexican Journalists, Lawyers, and a Child Targeted with NSO Spyware
• Shifting Tactics: Tracking changes in years-long espionage campaign against Tibetans
• Packrat: Seven Years of a South American Threat Actor
• How millions of DSL modems were hacked in Brazil, to pay for Rio prostitutes
• Cloned RFE/RL phishing website in Uzbekistan
• Chinese hackers steal Gmail passwords: Google
• The RSA Hack: How They Did It

↑ Phishing prevention and detection

• Catching phishing before they catch you
• The Web's Identity Crisis: Understanding the Effectiveness of Website Identity Indicators
• Does Domain Highlighting Help People Identify Phishing Sites?
• Email Phishing Protection Guide – Blog 19: Email Phishing Protection Security Checklist
• Backtrack phishing email using Open-source intelligence gathering
• Phishing - Advanced URL Analysis - Obfuscation, Clickjacking and OSINT Gathering
• Blunting the phishers spear: A risk-based approach
• Deconstructing the Phishing Campaigns that Target Gmail Users
• How to Recognize Phishing Emails
• What can be learned from a phishing domain
• Dealing with cybersquatting, typosquatting and phishing

↑ Phishing-related scientific research

• Every ROSE has its thorn The dark art of Remote Online Social Engineering
• Data Breaches, Phishing, or Malware? Understanding the Risks of Stolen Credentials
• Hack for Hire: Exploring the Emerging Market for Account Hijacking
• Ichthyology-phishing-as-a-science
• DeepPhish: Simulating Malicious AI
• Why Phishing Works
• PhishEye: Live monitoring of sandboxed phishing kits
• Phishnet: predictive blacklisting to detect phishing attacks
• The current state of phishing attacks
• Resurgence of Phishing-as-a-Service (PhaaS) platforms
• Phishing in the public cloud: You’ve been served
• Decoys, Phishing, and the Cloud: The Latest Fan-out Effect
• Targeted Attacks Abusing Google Cloud Platform Open Redirection
• Understanding User Behaviors When Phishing Attacks Occur
• Weaponizing data science for social engineering: Automated E2E spear phishing on Twitter
• Do security toolbars actually prevent phishing attacks?
• Large-scale automatic classification of phishing pages
• Social phishing
• Phishing for phishing awareness
• A Framework for Detection and Measurement of Phishing Attacks
• PHISHING DETECTION VIA ANALYTIC NETWORKS
• ANALYSIS OF BACK-DOORED PHISHING KITS

↑ Miscellaneous

Phishing economy

• Evasive Phishing Driven by Phishing-as-a-Service
• There Is No Free Phish: An Analysis of" Free" and Live Phishing Kits.
• PHISHING FACTORIES AND ECONOMIES
• The Economy of Phishing: A Survey of the Operations of the Phishing Market

Phishing ethics

• Phishing Filosophy: Some philosophy to consider before launching a phishing test against your own company

Definitions

• Mitre ATT&CK: Spearphishing link
• Mitre ATT&CK: Spearphishing attachment
• Mitre ATT&CK: Spearphishing via service
• KnowBe4 info site
• OWASP: Social Engineering
• Anti-Pharming 101: What are pharming attacks?

OpSec

• HackBack: A DIY Guide
• A DIY Guide for those without the patience to wait for whistleblowers

Phishing quiz

• Google Phishing Quiz
• OpenDNS Phishing Quiz

Report sites

• PhishTank
• PhishBank

Other

• Defcon 24: Phishing without failure and frustation
• TedX: This is what happens when you reply to spam email
• VirusTotal
• mx toolbox
• TedX: Phishing for phools
• The OSINT-ification of ISIS on the Dark Web
• Amazing mind reader reveals his gift