1 of 14

Fishing VS Phishing

Mane Hambardzumyan

FISHING

Fishing is the activity of trying to catch fish. Fish are often caught in the wild but may also be caught from stocked bodies of water. Techniques for catching fish include hand gathering, spearing, netting, angling and trapping.

PHISHING

Phishing is the activity of trying to catch sensitive info (mainly). Techniques for phishermen:

  1. Deceptive Phishing
  2. Spear Phishing
  3. Whaling
  4. Vishing
  5. Smishing
  6. Pharming

Pharming

Or Local

Tools

What tools can be used for phishing?

  • King-phisher
  • GoPhish
  • Infosec IQ
  • LUCY
  • Social-Engineering Toolkit (SET)
  • Manual (Make your own :D )

The Process of phishing (Not technical)

  1. Recon your target
  2. Make a scenario
  3. Make a web page/attachment
  4. Buy a domain and static IP address/server
  5. SMTP server
  6. Setup your tool and campaign

RECON YOUR TARGET

  1. OSINT
  2. OSINT
  3. OSINT

Main things…

  1. Organization info (even brief)
  2. Logo and signature
  3. Department information
  4. Used technologies internally
  5. Hobbies or daily used apps (if individual)
  6. Activate STALKER mode :)

😈

Phishing mail with signature

Make a web page

I don't know HTML or CSS, what to do?

TOOOOOOOLS

1. HTML CSS builder… + JS hook

https://nicepage.com

OR

2. Open source web page cloning tools

Buy a domain with …

  1. I -> L (similar letters)
  2. GrammEr mistakes
  3. UTF-8 or Punycode
    1. Unicode -> ‘ευχαριστώ’
    2. ASCII -> xn--mxahn5algcq2e
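The look-alike letters and Punycode labels on this slide are exactly what a mail gateway or SOC analyst needs to surface. As an added example (not from the original deck), a small checker that decodes xn-- labels to what the user would see, reports script mixing, and folds confusable characters against a protected-domain list; the confusable table and the brand list are constructed assumptions.

```python
import unicodedata

# Constructed confusable map: ASCII swaps (slide: "I -> L") plus a few Cyrillic
# letters that render identically to Latin ones. Extend per your threat model.
CONFUSABLES = str.maketrans({
    "I": "l", "1": "l", "|": "l", "0": "o",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
})

def to_unicode(domain: str) -> str:
    """Decode IDNA/Punycode labels (xn--...) into the text a user would see."""
    try:
        return domain.encode("ascii").decode("idna")
    except UnicodeError:          # already Unicode, or a malformed ACE label
        return domain

def scripts_in(domain: str) -> set:
    """First word of each character's Unicode name: LATIN, GREEK, CYRILLIC, DIGIT..."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in domain if ch not in "-."}

def skeleton(domain: str) -> str:
    """Fold look-alikes so 'paypaI.com' and 'paypal.com' compare equal."""
    folded = unicodedata.normalize("NFKC", domain).translate(CONFUSABLES).lower()
    return folded.replace("rn", "m")

def analyze(domain: str, protected=()) -> dict:
    """Indicators an analyst or mail filter would want for a sender or link domain."""
    shown = to_unicode(domain)
    scripts = scripts_in(shown) - {"DIGIT"}
    return {
        "unicode": shown,
        "punycode": "xn--" in domain.lower(),
        "non_latin": bool(scripts - {"LATIN"}),
        "mixed_script": len(scripts) > 1,
        "lookalike_of": [p for p in protected
                         if skeleton(shown) == skeleton(p) and shown.lower() != p.lower()],
    }

if __name__ == "__main__":
    brands = ["paypal.com", "example.com"]      # constructed protected list
    for d in ["xn--mxahn5algcq2e", "paypaI.com", "p\u0430ypal.com", "paypal.com"]:
        print(d, "->", analyze(d, brands))
```

The first sample is the slide's own Punycode label and decodes back to the Greek string shown above; the Cyrillic sample is flagged by both the script check and the skeleton comparison.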

Free domain providers

Dot.tk, Freenom

Mailserver

  1. Google
  2. Any other Mailserver

Why G Suite, and what does it provide?

  1. Can bypass most spam patterns because it is trusted.
  2. Google verification TXT record in the domain's DNS configuration
  3. MX verification records
  4. Passcode for third-party applications (more secure than providing your email credentials)

Excel Macro

King Phisher Brief Intro
