This talk will go over the latest features in the open source phishing tool King Phisher. Some of the latest features offer more advanced templating of both emails and site content. The talk will demonstrate building customized phishing pretexts and specialized scenarios. This talk will also demonstrate the latest visualizations offered by King Phisher which allow the campaign information to be more easily analyzed. This talk will discuss how messages are classified as spam and how it can be avoided using King Phishers SPF integration. Finally the talk will conclude with a demonstration using a server page template to collect credentials and perform a CSRF attack against a targeted page.

Brandan Geise is a Security Consultant at SecureState, specializing in Physical Penetration Tests, Physical Security Assessments and Social Engineering. He holds GIAC’s GCFA and GWAPT certifications, as well as the Social Engineering Pentest Professional (SEPP) certification. In his free time Brandan enjoys honing his lock picking skills, hardware hacking, and researching methods of bypassing physical security control devices. Spencer McIntyre is an avid open source enthusiast and has made contributions to a variety of projects most notably including Metasploit and Scapy.

Back to Bsides Cleveland 2015 video list