What do I think of the Practical Phishing Campaigns course from TCM Security with Aaron Wilson

Who should take this course?

The Practical Phishing Campaigns course from TCM Security is tailored for a wide range of individuals within the cybersecurity domain. If you’re a penetration tester, security analyst, or system administrator looking to enhance your phishing campaign skills, this course is ideal for you. It’s also beneficial for those who have run several campaigns but want to refine their techniques and learn advanced methods. Additionally, security enthusiasts and beginners aiming to break into the cybersecurity field will find the course content comprehensive and practical, providing them with a solid foundation in phishing attack strategies and defenses.

What is in the course?

The course led by Aaron Wilson, a Principal Penetration Tester at TCM Security is structured to cover the entire process of setting up and executing phishing campaigns from basics to advanced techniques. Here’s a breakdown of the course content:

  1. The Perimeter – A Cat and Mouse Game:
    • Introduction to the course and modern security architecture.
    • Tips on phishing domains, multi-factor authentication, spam filter avoidance, and whitelisting.
  2. Domain Registration:
    • Guidance on choosing domain registrars and setting up Amazon AWS Route 53.
  3. Email Registration:
    • Options for email registrars and setting up Mailgun for email services.
  4. Gophish – Basic Phishing:
    • Detailed steps to create an AWS EC2 instance, set up GoPhish, configure it as a system service, and set up TLS certificates.
    • Instructions for setting up an email sending profile and sending the first campaign.
  5. Gophish – Hardening and Advanced Techniques:
    • Techniques for server hardening, email sender hardening, and creating custom HTML for emails and landing pages.
    • A quick recap of GoPhish setup.
  6. Evilginx – MFA Bypass:
    • Setting up and running Evilginx, configuring domains for phishlets, and combining Evilginx with GoPhish.
    • Tips on protecting Evilginx.
  7. Evilgophish – SMS Phishing:
    • Instructions for setting up Evilgophish, Twillio for SMS services, and sending SMS phishing messages (smishing).
  8. Vishing Strategies:
    • Advice on combining vishing (voice phishing) with SMS strategies.
  9. Reporting, Documentation, and Cleaning Up:
    • Tips for defenders, cleaning up domains, reviewing GoPhish event logs, and documenting reports.
  10. Thank You:
    • Closing remarks and appreciation for participating in the course.

Conclusion

Even with prior experience running phishing campaigns using GoPhish, I found the Practical Phishing Campaigns course by TCM Security to be incredibly insightful. Aaron Wilson’s expertise and thorough approach provide a wealth of new information and techniques that can significantly enhance anyone’s phishing campaigns. His role as a Principal Penetration Tester, coupled with his passion for teaching and mentoring, shines through in the course content, making it both informative and engaging.

The course’s structure ensures that learners of all levels can grasp the concepts and apply them effectively. From domain registration to advanced phishing techniques, each module is designed to build on the previous one, culminating in a comprehensive understanding of practical phishing campaigns. The inclusion of advanced topics such as MFA bypass using Evilginx and SMS phishing through Evilgophish ensures that even seasoned professionals can gain new skills and insights.

In conclusion, the Practical Phishing Campaigns course is a valuable resource for anyone involved in cybersecurity. Whether you are a novice or an experienced professional, Aaron Wilson’s guidance will help you execute more effective and sophisticated phishing campaigns.

That was all

Keep hacking!

//Roger

Leave a comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Blog at WordPress.com.

Up ↑