this post was submitted on 10 May 2024
1285 points (98.6% liked)

Comic Strips

12819 readers
1102 users here now

Comic Strips is a community for those who love comic stories.

The rules are simple:

Web of links

founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 6 months ago

Damn. I’ve scripted out the entire process of verifying an owned domain in a hosted mail providers system, deploying the ec2 infrastructure, and installing and configuring gophish for a campaign, along with tearing everything down.

That header thing gophish adds is a default option that you can override by just setting that header to an empty string. Whoever runs campaigns for your employer either wants to make it easy for you to pass or doesn’t care about their job at all.

I’ve done it in the context of red team/adversary emulation campaigns before though, so the opsec needed to be a bit tighter than the mandatory phishing awareness stuff i guess.