1. Teaching users the basics of information security. Anti-phishing

Today, network administrators and information security engineers spend a great deal of time and effort protecting the enterprise network perimeter from various threats and learning each new prevention and event-monitoring system, yet even this does not guarantee complete protection. Social engineering is widely used by attackers and can have serious consequences.

: “ ”? , . , , .

80% ( Check Point Intelligence Reports).

Report for the last 30 days on the attack vectors used to distribute malicious files (Russia) - Check Point

, . (EXE, RTF, DOC), , , , (, ).

Annual report on file formats in received malicious messages - Check Point

? : 

  • Antivirus - .

  • Emulation - , .

  • Content Awareness - . ( , PDF).

  • AntiSpam - / .

, , , - . -:

(. phishing, fishing — , ) — -. . , , .

-, DNS- , . 

, , :

  1. . , .

  2. . . , .   

, . ?

- ( ).

Diagram of a typical scenario for deploying a phishing attack

-, . :

  1. .

    21 , . , : , , , .. . , , ( , , ).

  2. .

    “”, -. : , , , ..

, , . :

  1. GoPhish - , IT- . . - , .

  2. KnowBe4 - .

  3. Phishman - . , 10 1000 . , . .

  4. - . , .. - , .

. , .  GoPhish, , .

GoPhish

, . GoPhish : user-friendly , :

  1. .

  2. REST API.

  3. .

  4. .

GoPhish. , ZIP- , , .

!

, ( 0.10.1). !

msg="Please login with the username admin and the password <>"

GoPhish

(config.json). :

( )

admin_server.listen_url

127.0.0.1:3333

IP- GoPhish

admin_server.use_tls

false

TLS GoPhish

admin_server.cert_path

example.crt

SSL- GoPhish

admin_server.key_path

example.key

SSL-

phish_server.listen_url

0.0.0.0:80

IP- ( GoPhish 80 )

--> . : https://127.0.0.1:3333

--> .

C

“Sending Profiles” , :

:

Name

From

Host

IP- , .

Username

.

Password

.

, . “Save profile”.

“ ”.   “User & Groups” → “New Group”. : CSV .

:

  • First Name

  • Last Name

  • Email

  • Position

:

First Name,Last Name,Position,Email
Richard,Bourne,CEO,rbourne@morningcatch.ph
Boyd,Jenius,Systems Administrator,bjenius@morningcatch.ph
Haiti,Moreo,Sales & Marketing,hmoreo@morningcatch.ph

, . “Email Templates” → “New Templates”.

, , - . :

Name

Subject

Text / HTML

HTML-

Gophish , . : . “”.

. Template Reference.

:

{{.FirstName}},

The password for {{.Email}} has expired. Please reset your password here.

Thanks,
IT Team

, ( “New Group”) .

. “here” "Link" .

URL {{.URL}}, . .

"Add Tracking Image". - 1x1 , .

, , Gophish: 

  1. ;

  2. , ;

  3. .

, . .

C

 “Landing Pages”.

. . web- . , HTML- ( ). :

  • Capture Submitted Data. , .

  • Capture Passwords - . GoPhish , .

“Redirect to”, . , , . , .

"New Campaign".

GoPhish

. "New Campaign" .

:

Name

Email Template

Landing Page

URL

IP GoPhish (   )

Launch Date

Send Emails By

( )

Sending Profile

Groups

, : , , , .

, 1 ,   :

, . , Landing Pages, ?

, .

: , . GoPhish, .

IT-. Gophish, . . , (sales@tssolution.ru).

, , Enterprise- . !



