Simple play icon Course
Skills

Initial Access with King Phisher

by Jeff Stein

King Phisher is a feature-rich tool for coordinating and monitoring successful phishing campaigns to further red teaming objectives towards initial access. In this course, you will learn initial access using King Phisher.

Preview this course

What you'll learn

Through the use of phishing techniques, you'll learn the skills and understanding to further your red teaming objectives towards initial access. In this course, Initial Access with King Phisher, you’ll see how to utilize King Phisher to execute a phishing attack in a red team environment. First, you’ll demonstrate your ability to identify a victim and enumerate DNS to craft a successful phishing campaign. Next, you’ll apply a spearphishing technique to target a victim. Finally, you’ll simulate harvesting victim credentials by crafting a landing page to use in the attack. When you’re finished with this course, you’ll have the skills and knowledge to execute these techniques. Phishing: Spearphishing Link-T1566.002 & Valid Accounts-T1078 using King Phisher.

Table of contents

Course Overview
1min
Executing a Phishing Campaign and Gather Credentials with King Phisher
26mins
Resources
1min

Course FAQ

What is phishing?

Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication.

Is phishing only done through email?

No, scammers also utilize phone calls, SMS texts, and social media sites to trick you into giving up sensitive and confidential information.

What type of phishing attack targets specific users?

A spear phishing attack is a targeted form of phishing. Unlike general phishing emails, which use spam-like tactics to blast thousands of people in massive email campaigns, spear phishing emails target specific individuals within an organization.

What is a DNS Server?

The Domain Name System is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. It associates various information with domain names assigned to each of the participating entities.

What is the difference between ethical hacking and cyber security?

Ethical Hacking is done by 'ethical' hackers who are the legitimate or legal hackers, and their job is to do hacking with the permission of the owner and provide a report about the hack. Whereas, Cyber Security is managed by Cyber Security experts whose main goal is to defend the system from malicious activities.

About the author

Jeff Stein

Jeff Stein is an Information Security Architect focused on topics covering Governance, Application, Cloud, Network, Data and Physical security with an eye towards building robust security programs. In addition to security he has a background in Systems Engineering and Administration. Jeff has written on various security topics for industry publications and has worked in both the tech and fintech space. His background in IT also includes employment with the U.S. House of Representatives and the U... more

See more courses by Jeff Stein
Ready to upskill? Get started