Adventures in Phishing Email Analysis

June 18, 2020

Opening Phishing attacks are a daily threat to all organizations and unfortunately, they are one of the hardest threats to protect against. No matter how many defensive layers an organization has put in place following best practice defense-in-depth design, it only takes one (1) user to click on that malicious link or open that weaponized…


A Beginner’s Guide to Staying Safe/Anonymous Online

May 21, 2020

What is OSINT? It is probably safe to assume you have heard of OSINT at some point (Open Source INTelligence). However, if you have not, it can very generally be described as the collection and analysis of data gathered from publicly accessible sources. People who perform OSINT have a wide variety of sources they can…

hacker blog graphic

Next Gen Phishing – Leveraging Azure Information Protection

April 25, 2019

In this blog post, I will go over how to use Azure Information Protection (AIP) to improve phishing campaigns from the perspective of an attacker. The idea came during an engagement where I was having trouble getting phishing emails into users’ inboxes without being caught by a sandbox on the way. During this engagement, it…

holiday phishing graphic

Holiday Phishing: Office 365

November 15, 2018

  It’s that time of year again, Merry Phishmas!! Holidays are the prime time of the year for attackers to send Phishing campaigns. Whether you are looking for the best deal on Black Friday, the best Christmas gift for that special family member, or a Holiday greeting from employees, employers, or costumers, there are plenty…

digital and realistic sword graphic

From Scans to Adversary Emulation, Pentesting is Evolving Rapidly

June 14, 2018

Traditional pentesting is evolving as many companies are rapidly maturing their information security programs. Additionally, improvements in operating system hardening, endpoint protection agents, and security appliances are raising the bar for successful compromise and lateral movement. If you talk with pentesters across the industry, you will hear more and more positive stories about client security…

Caddy blog cover

Optimizing and Customizing Phishing Campaigns using Caddy

June 7, 2018

Introduction Over the past year, I’ve begun to regularly utilize a number of techniques designed to increase the overall sophistication of my phishing campaigns. What I ended up realizing was that while these techniques did, in fact, increase the volatility of my campaigns, they also added a significant amount of configuration, management, and system administration…

TrustedSec Blogs + Articles logo

Take Your Employees Phishing!

March 5, 2018

Because Phishing attacks are becoming more advanced in their exploitation of social engineering techniques, it may be overwhelming to attempt a defense against them. Technical defenses can work hard to shield your employees from being targeted by large phishing expeditions, but user awareness is key in protecting an organization against phishing attacks. Below I will…

Close-up of laptop with chains and lock

Social-Engineer Toolkit (SET) v7.7 “Blackout” Released

July 11, 2017

TrustedSec is proud to announce a major release of the Social-Engineer Toolkit (SET) v7.7. This version incorporates support for hostnames in the HTA attack vector, and a redesigned Java Applet attack vector. Java is still widely used in corporations and with a valid code signing certificate can be one of the easiest ways to get…


The Social-Engineer Toolkit (SET) v7.3 “Underground” released.

July 27, 2016

TrustedSec is proud to announce the release of The Social-Engineer Toolkit (SET) v7.3 codename “Underground”. This version is a complete rewrite of the SMS spoofing module and now uses the awesome folks over at as the main provider. The API fully integrates into theirs and allows you to spoof text messages directly through SET….


New Release: The Social-Engineer Toolkit (SET) v7.2 “Wine and Gold”

June 28, 2016

Today we release a new version of the Social-Engineer Toolkit (SET) v7.2 codename: “Wine and Gold”. For non-Cavs or non sports ball fans – apologies but couldn’t resist. This version has a number of enhancements and additions and represents over two months worth of development. Based on the show “Mr. Robot” which we think is…

  • Browse by Category

  • Clear Form