DIY your APT for your protection

I’ve had the pleasure to present in a recent Microsoft Community virtual meetup about how I believe an organization should perform phishing campaign using a free platform called GoPhish.

We covered some topics around building the actual scenario, creating an awareness program, and basically how to “arm the masses” and leverage our employees as an additional defense later instead of just complaining that “Humans are the weakest link”.

As part of preparing for this, I’ve updated a dedicated tool which was last updated three years ago and made sure it’s updated and available here.

I wouldn’t repeat all I said yesterday, but here is the outline:

  • Slide 1 - Opening slide
  • Slide 2 - Disclaimer
  • Slide 3 - Who Am I
  • Slide 4 - 7 - People should be the weakest link
  • Slide 8 - 20 - How to prepare the scenario, install gophish and run a campaign
  • Slide 21 - 22 - Defence and making reporting easier
  • Slide 23 - Resources and comments
  • Slide 24 - Closing slide

The deck is available here

Recording link.

Not how many, but where.