hacker blog graphic

Next Gen Phishing – Leveraging Azure Information Protection

April 25, 2019

In this blog post, I will go over how to use Azure Information Protection (AIP) to improve phishing campaigns from the perspective of an attacker. The idea came during an engagement where I was having trouble getting phishing emails into users’ inboxes without being caught by a sandbox on the way. During this engagement, it…

Read
holiday phishing graphic

Holiday Phishing: Office 365

November 15, 2018

  It’s that time of year again, Merry Phishmas!! Holidays are the prime time of the year for attackers to send Phishing campaigns. Whether you are looking for the best deal on Black Friday, the best Christmas gift for that special family member, or a Holiday greeting from employees, employers, or costumers, there are plenty…

Read
digital and realistic sword graphic

From Scans to Adversary Emulation, Pentesting is Evolving Rapidly

June 14, 2018

Traditional pentesting is evolving as many companies are rapidly maturing their information security programs. Additionally, improvements in operating system hardening, endpoint protection agents, and security appliances are raising the bar for successful compromise and lateral movement. If you talk with pentesters across the industry, you will hear more and more positive stories about client security…

Read
Caddy blog cover

Optimizing and Customizing Phishing Campaigns using Caddy

June 7, 2018

Introduction Over the past year, I’ve begun to regularly utilize a number of techniques designed to increase the overall sophistication of my phishing campaigns. What I ended up realizing was that while these techniques did, in fact, increase the volatility of my campaigns, they also added a significant amount of configuration, management, and system administration…

Read
TrustedSec Blogs + Articles logo

Take Your Employees Phishing!

March 5, 2018

Because Phishing attacks are becoming more advanced in their exploitation of social engineering techniques, it may be overwhelming to attempt a defense against them. Technical defenses can work hard to shield your employees from being targeted by large phishing expeditions, but user awareness is key in protecting an organization against phishing attacks. Below I will…

Read
Close-up of laptop with chains and lock

Social-Engineer Toolkit (SET) v7.7 “Blackout” Released

July 11, 2017

TrustedSec is proud to announce a major release of the Social-Engineer Toolkit (SET) v7.7. This version incorporates support for hostnames in the HTA attack vector, and a redesigned Java Applet attack vector. Java is still widely used in corporations and with a valid code signing certificate can be one of the easiest ways to get…

Read

The Social-Engineer Toolkit (SET) v7.3 “Underground” released.

July 27, 2016

TrustedSec is proud to announce the release of The Social-Engineer Toolkit (SET) v7.3 codename “Underground”. This version is a complete rewrite of the SMS spoofing module and now uses the awesome folks over at spoofmytextmessages.com as the main provider. The API fully integrates into theirs and allows you to spoof text messages directly through SET….

Read

New Release: The Social-Engineer Toolkit (SET) v7.2 “Wine and Gold”

June 28, 2016

Today we release a new version of the Social-Engineer Toolkit (SET) v7.2 codename: “Wine and Gold”. For non-Cavs or non sports ball fans – apologies but couldn’t resist. This version has a number of enhancements and additions and represents over two months worth of development. Based on the show “Mr. Robot” which we think is…

Read

The Social-Engineer Toolkit (SET) v7.1 “Blue Steel” Released

April 25, 2016

TrustedSec is proud to announce the release of the Social-Engineer Toolkit (SET) v7.1 “Blue Steel”. This release incorporates a lot of new additions, improvements, and bug fixes. The most exciting feature is a large rewrite of the MSSQL Bruter attack vector. Originally this was written using impacket and the TDS module. This has been re-written…

Read

SET v7.0 “RemembRance” Released!

February 8, 2016

TrustedSec is proud to announce the release of the major version of the Social-Engineer Toolkit (SET) v7.0 codename “RemembRance”. The codename has a lot of meaning and is in remembering David Jones (Rance) who passed away last month to cancer. Always remember you buddy and the difference you made in all of us! This release…

Read
  • Browse by Category

  • Clear Form