Phishing
Phishing is a form of social engineering in which an attacker impersonates a legitimate entity to trick people into revealing sensitive information such as passwords, financial details, or corporate credentials, or into running attacker-controlled code. The lure is usually an email, message, or fake website that looks trustworthy but is built to deceive. Rather than exploiting a software vulnerability, phishing exploits human judgment, which is why it remains one of the most common ways attackers gain an initial foothold.
Planning and Reconnaissance
Most phishing attacks begin with planning and reconnaissance, and the more targeted the campaign, the more of it there is. Attackers research their targets using publicly available information, social media, and corporate websites to craft convincing messages. Knowing the target's habits, job role, and routine interactions (which vendors email them, who approves invoices, which tools the IT team uses) helps in designing an attack that appears authentic. Open-source intelligence (OSINT) tools and techniques play a key role in gathering the details that make a phishing attempt credible.
Message Crafting
Once enough intelligence is gathered, the attacker carefully constructs a message that aligns with the target’s expectations. These messages often impersonate trusted entities such as banks, IT departments, or business partners. They are designed to evoke emotions such as urgency, fear, or curiosity, compelling the recipient to take action without verifying the source. This deception is what makes phishing highly effective.
Delivery and Execution
With the message ready, the attacker delivers it. The phishing attempt can be executed through email, SMS (smishing), phone calls (vishing), or social media messages. Some attackers use techniques such as email spoofing (forging the From header, which succeeds where the impersonated domain does not publish and enforce SPF, DKIM, and DMARC), registering lookalike domains, or hosting fake login pages that copy or proxy the real one. The goal is to reach the target through a channel they trust and use routinely, increasing the likelihood of success.
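The spoofing and lookalike-domain tricks described above leave traces in the message headers that a receiving mail gateway or analyst can check. The following is an added example written for this page, not code from the original article: it triages a raw message for a DMARC/SPF failure stamped by the local MTA, an envelope-sender or Reply-To domain that differs from the visible From, a display name that names a trusted brand while the address does not, and a From or Reply-To domain that visually imitates a trusted one. The two sample messages, the `TRUSTED_DOMAINS` list, and every domain in them are constructed for the example.

```python
"""Heuristic triage of a raw email for spoofing and impersonation signals.

Added example for this page; it is not code from the original article.
The sample messages, domains and trusted-domain list are constructed.
"""
import email
import re
import unicodedata
from email.utils import parseaddr

# Hypothetical: domains the receiving organisation treats as its own or as
# trusted senders. Lookalikes of these are flagged.
TRUSTED_DOMAINS = ("example.com", "bank-example.com")

# Digits commonly swapped for visually similar letters in lookalike domains.
_CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def skeleton(domain):
    """Collapse a domain to a visual 'skeleton' so lookalikes compare equal."""
    d = unicodedata.normalize("NFKD", domain.lower())
    d = "".join(ch for ch in d if not unicodedata.combining(ch))  # drop accents
    return d.translate(_CONFUSABLES).replace("rn", "m").replace("vv", "w")


def edit_distance(a, b):
    """Levenshtein distance, used to catch single-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike(domain, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain that `domain` imitates, or None."""
    if not domain or domain in trusted:
        return None
    s = skeleton(domain)
    for t in trusted:
        ts = skeleton(t)
        # Same skeleton (examp1e.com), a one-character typo (exampl.com),
        # or the trusted brand label embedded in a longer name (example-login.net).
        if s == ts or edit_distance(s, ts) <= 1:
            return t
        if t.split(".")[0] in re.split(r"[.-]", s):
            return t
    return None


def _domain(addr):
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def analyze(raw_message, trusted=TRUSTED_DOMAINS):
    """Return a list of spoofing/impersonation findings for one raw RFC 5322 message."""
    msg = email.message_from_string(raw_message)
    findings = []

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_dom = _domain(from_addr)
    env_dom = _domain(parseaddr(msg.get("Return-Path", ""))[1])
    reply_dom = _domain(parseaddr(msg.get("Reply-To", ""))[1])

    # Authentication-Results as stamped by our own MTA: spf/dkim/dmarc verdicts.
    auth = msg.get("Authentication-Results", "").lower()
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    if results.get("dmarc") == "fail":
        findings.append("dmarc_fail")
    if results.get("spf") == "fail":
        findings.append("spf_fail")
    if results.get("dkim") != "pass":
        findings.append("dkim_not_pass")

    # Envelope sender (what SPF checks) vs. the From header the user sees.
    if env_dom and env_dom != from_dom:
        findings.append(f"envelope_from_mismatch:{env_dom}!={from_dom}")
    # Replies silently routed to a different domain than the apparent sender.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply_to_mismatch:{reply_dom}")

    # Lookalike domains in either the From or the Reply-To address.
    for dom in dict.fromkeys([from_dom, reply_dom]):
        target = lookalike(dom, trusted) if dom else None
        if target:
            findings.append(f"lookalike_domain:{dom}~{target}")

    # Display-name impersonation: brand in the friendly name, untrusted address.
    if from_dom not in trusted and any(t.split(".")[0] in display_name.lower() for t in trusted):
        findings.append(f"display_name_impersonation:{display_name!r}")

    return findings


# Constructed sample: spoofed helpdesk message using a lookalike domain.
PHISH = """\
Return-Path: <bounce@mail-relay-xyz.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mail-relay-xyz.net; dkim=none; dmarc=fail header.from=examp1e.com
From: "IT Helpdesk (example.com)" <helpdesk@examp1e.com>
Reply-To: support@examp1e-login.net
To: alice@example.com
Subject: Urgent: your password expires today

Your password expires in 2 hours. Sign in at https://examp1e.com/reset to keep access.
"""

# Constructed sample: an ordinary internal message that should produce no findings.
LEGIT = """\
Return-Path: <alice@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: Alice <alice@example.com>
To: bob@example.com
Subject: Lunch

See you at noon.
"""

if __name__ == "__main__":
    for finding in analyze(PHISH):
        print(finding)
```

Two caveats when using checks like these in practice. The Authentication-Results header is only meaningful if it was added by your own MTA; a sender can include a forged one, so gateways strip any pre-existing copy before stamping their own. And an envelope-sender mismatch on its own is weak evidence, since legitimate bulk mailers and ticketing systems routinely send from a relay domain, which is why the DMARC verdict and the lookalike and display-name signals carry more weight than the mismatch alone.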
Deception and Manipulation
Once the phishing message is received, the attacker relies on deception to manipulate the target. By impersonating a superior, invoking authority, or creating a sense of urgency, they pressure the victim into acting without thinking critically. Whether it’s clicking a malicious link, downloading an attachment, or entering credentials, the attacker exploits human tendencies such as trust, fear of getting in trouble, or the desire to be helpful.
Exploitation and Impact
If the target falls for the deception, the attacker obtains credentials, a live session, or a foothold on the victim's machine through malware. That initial access can lead to financial fraud, data breaches, or a large-scale security compromise. In advanced attacks, phishing serves as the entry point for further network intrusion: the attacker uses the stolen credentials or foothold to move laterally, escalate privileges, and carry out more damaging operations.
Spear Phishing: A Targeted Approach
Spear phishing is a highly targeted form of phishing that focuses on specific individuals or organizations rather than random victims. Instead of sending mass emails, attackers conduct detailed research on their targets to create customized messages. Executives, IT administrators, and financial personnel are common targets because of their access to critical data.
Target Selection and Research
Before launching a spear phishing attack, the attacker carefully selects high-value individuals and gathers information about their roles, communication patterns, and recent activities. This research allows the attacker to craft an email or message that appears highly relevant and difficult to distinguish from legitimate communication.
Message Tailoring and Delivery
The effectiveness of spear phishing lies in its personalization. Attackers mimic real conversations, reference ongoing projects, or use industry-specific jargon to make their messages credible. Because these emails are low-volume, customized, and often free of known-malicious links or attachments, they frequently pass content and reputation-based filters that are tuned to bulk campaigns. Once the message is delivered through email, SMS, or another channel, the target is more likely to engage, leading to credential theft or further exploitation.