this post was submitted on 10 May 2024
1288 points (98.6% liked)

Comic Strips

[–] Magister@lemmy.world 3 points 6 months ago (1 children)

haha same for me, the header contains the word "gophish", easy to filter it

[–] borari@lemmy.dbzer0.com 2 points 6 months ago

Damn. I’ve scripted out the entire process of verifying an owned domain in a hosted mail provider’s system, deploying the EC2 infrastructure, and installing and configuring gophish for a campaign, along with tearing everything down.

That header thing gophish adds is a default option that you can override by just setting that header to an empty string. Whoever runs campaigns for your employer either wants to make it easy for you to pass or doesn’t care about their job at all.

I’ve done it in the context of red team/adversary emulation campaigns before though, so the opsec needed to be a bit tighter than the mandatory phishing awareness stuff I guess.