Red Team Phishing
From lure to initial access.
Why Red Teams Choose Phishing Club
1
Evasion Capabilities
Use IP filters and custom deny pages together with pre-landing pages to block and work around security controls.
2
Custom delivery
Delivery lures via. SMTP, custom API calls or plant them yourself any way you want with rich copy functionality.
3
Go beyond any cloud SaaS
Create campaigns for reconnaissance, credentials or malwarae delivery.
Red Team Phishing Use Case
Phishing Club in action
Performing red team phishing is very different from normal allow listed phishing simuation
and requires features not available in SaaS.
Continue and read about some of the features that can help in a successful operations.
Build
Prepare the perfect attack
Multi-Stage Landing pages
Setup a page before the landing page, that enforces the controls you want, to
funnel the target and filter out scanners.
Add a after landing page or redirect away to ensure the target continues unalerted
of the compromise.
IP filtering
Utilizing IP (CIDR) filtering as allow or deny list, to ensure that only the
target sees the real lure.
Setup a page with different content that passes close inspection.
Web Presence
Established credibility and tricky anyone performing a extra check on the email sender by deploying a fully functional corporate website at the root domain.
Deliver
Strike with precision
Delivery lures with API sender
Go beyond email delivery via. SMTP and send lures with customized API calls.
Define a API request with URL, header and body, and the expected response.
Custom delivery
Deliver the lures anyway you want.
Copy the recipient landing page URL, lure content or preview the lure for rich data
copy to make it easier to deliver via. other providers.
Monitor
Track the hook
Notifications
Know when to act on specpfic events by setting up webhooks to deliver notifications when the target interacts with the lure, pages or submits credentials.
Events
Keep track of advanced delivery with a timeline that shows past, current and upcoming events.
Report
Keep track of the timeline.
Export events
Export campaign and recipient events in JSON for use in reports , addendum or 3. party vizualization.
Wrap up
Anonymize sensitive data
Campaign Anonymization
Anonymize a campaign or recipiet on demand to ensure sensitive data is not
unnecessary stored.
Set a campaign auto anonymization date to ensure never forgetting clean up after a
operation.
