Security in Obscurity

Initial Access with King Phisher

Pluralsight, October 2020

Initial Access with King Phisher is a course that is published by Pluralsight. You can access the full course on Pluralsight here. You need a Pluralsight subscription to watch this course. If you do not already have a subscription, I have a partnership with Pluralsight and the banner above features a link to get a FREE trial if you are interested in viewing the course in its entirety. Below you can find a sample of the course contents.

King Phisher is an open source phishing toolkit tool which red team members who are looking to gain initial access to a system or credentials can use during an attack engagement. Using King Phisher you can leveraging phishing tactics to building complex attack scenarios with capabilities to both coordinate and monitor the success of your phishing campaigns. A vast array of templates complement the tooling, allowing you to integrate landing pages into your attack scenario to not only increase the likelihood of achieving initial access but also to assist in gathering credentials to further your red teaming objectives.. When you are finished with this course, you’ll have the skills and knowledge to execute these techniques Phishing: Spearphishing Link-T1566.002 & Valid Accounts-T1078 using King Phisher.

Sample

---

Course Profile

Topic: Initial Access
Series: Red Team Tools
Level: Intermediate

Prerequisites

Viewers should have a basic understanding email concepts and DNS including MX and SFP records. Knowledge of the Mitre Att&ck framework and the Cyber Kill Chain is recommended but not required.

Table of Contents

Module One

1. Course Overview [1:04]

Module Two

1. Introduction [2:45]
2. Enumerate a Target to Build a Phishing Strategy [6:48]
3. Configure a Phishing Campaign with King Phisher to Gain Initial Access [8:09]
4. Harvest Victim Credentials through a Phishing Landing Page [8:24]

Module Three

1. Additional Resources [1:14]