This channel discusses:

— Offensive Security
— RedTeam
— Malware Research
— OSINT
— etc

Disclaimer:
t.me/APT_Notes/6

Chat Link:
t.me/APT_Notes_PublicChat
Outlook Attachments

Attackers can compose an email on Outlook (or O365) and attach a file and then use the file's download link to directly download the file. Restricted file types would first need to have their file extension modified (e.g. mimikatz.exe becomes mimikatz.exe.txt) and then upon download the file extension is modified back to the original extension.

1. Compose an email
2. Attach a file (add .txt to the end if it's a restricted file type)
3. Click on the file to download it and grab the link (attachment.outlook.live.net or attachment.office.net)

Link is valid for ~15 minutes.

#outlook #attachments #redteam #phishing
Phishing With Spoofed Cloud Attachments

This article looks at how you can abuse the cloud attachment feature on O365 to make executables (or any other file types) appear as harmless attachments.

https://mrd0x.com/phishing-o365-spoofed-cloud-attachments/

#phishing #O365 #abuse
Custom Previews For Malicious Attachments

A phishing technique that allows attackers to create fake previews for their malicious attachment with Google Mail.

https://mrd0x.com/phishing-google-users-by-spoofing-previews/

#phishing #gmail #attachments
Anti-Spam Bypass

A script that helps you understand why your E-Mail ended up in Spam

https://github.com/mgeeky/decode-spam-headers

#phishing #anispam #bypass
Phishing campaigns

I made a GitHub repository that collects analyses and reports on phishing campaigns by APT groups which include an example of the emails used for the mailing. Write-ups of APT group attacks often do not include sample emails, which prompted me to create a repository of reports and analyses that are sure to contain the phishing email. The list will be expanded gradually.

Link: https://github.com/wddadk/Phishing-campaigns

#apt #git #phishing
🪄 Red Wizard

This tool automates the deployment of a comprehensive infrastructure with redirectors, backend systems, phishing relays, OSINT machines, and more. It is designed to be user-friendly, providing wizards to walk administrators and Red Team operators through the deployment process. The infrastructure is also self-documenting, making the sharing of all relevant details to the team of operators an effortless task.

🌐 Details:
https://www.secura.com/blog/red-wizard-1

#redteam #relay #infrastructure #phishing
🖼️ Protect Evilginx using Cloudflare

Using a combination of Cloudflare and HTML Obfuscation, it is possible to protect your Evilginx server from being flagged as deceptive and so increase your chances of success on Red Team and Social Engineering engagements.

Source:
🔗 https://www.jackphilipbutton.com/post/how-to-protect-evilginx-using-cloudflare-and-html-obfuscation

#phishing #cloudflare #evilginx #html
Trusted Domain, Hidden Danger

This blog post describes a prevalent tactic used in phishing attacks, which involves exploiting legitimate platforms for redirection through deceptive links.

Source:
🔗 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trusted-domain-hidden-danger-deceptive-url-redirections-in-email-phishing-attacks/

#phishing #url #redirect
Evilginx ❤️ Gophish

The highly anticipated official integration between Evilginx and Gophish has been unveiled in the latest Evilginx 3.3 update. Alongside this major feature, the update brings numerous quality-of-life enhancements.

🔗 https://breakdev.org/evilginx-3-3-go-phish/

#evilginx #gophish #phishing
Forwarded from Похек (Сергей Зыбнев)
From Zero to Hero Phishing Company (ONSEC).pdf
1.1 MB
From Zero to Hero: Phishing company
#phishing #фишинг #перевод #от_подписчика

Exclusively for the Похек channel, @resource_not_found translated this article into Russian.

🙏 Many thanks to him, and I hope it will be useful to you)

🌚 @poxek