Hands on Phishing – GhostPacket

About Course

Tired of theoretical phishing courses? This is the definitive, hands-on training for penetration testers and red team operators who need to move beyond theory and execute realistic, effective phishing campaigns against modern, hardened targets. In this course, you won’t just learn about phishing—you’ll build, launch, and manage full-scale campaigns using industry-standard tools like GoPhish and the powerful Evilginx framework, learning to bypass Multi-Factor Authentication (MFA) and common email defenses.

Syllabus

Welcome to the Course
Configuring the Lab Environment
Preparing for a Successful Phishing Trip
GoPhish Setup and Initial Configuration
Launching a Phishing Campaign with GoPhish
Phishing with Evilginx
Bypassing Common Defenses
Combining Pretext Calling with Phishing
Course Conclusion

Course Content

Course

Creating an Account on Digital Ocean

00:00
Setting Up Billing & Billing Alerts

00:00
Creating an Ubuntu Droplet

00:00
Setting up Firewall Rules

00:00
Analysis of Bad Phishing Emails (Avoid This!)

00:00
Performing Basic OSINT on the Target

00:00
[Walkthrough] Compile a List of Users and Emails

00:00
[Walkthrough] Identifying a Login Page to Clone

00:00
[Walkthrough] Identify The ＂Secret＂ User

00:00
Strategies for Selecting a Domain

00:00
Purchasing a Domain with Namecheap

00:00
Configuring GSuite with the Domain

00:00
Overview of GoPhish

00:00
Installing GoPhish on Ubuntu

00:00
Setting up Certs and Launching GoPhish

00:00
[Challenge] Automate With a Script

00:00
Configuring DNS for the Domain

00:00
Setting up Email Templates

00:00
[Walkthrough] – Create a Phishing Email

00:00
Configuring the Landing Page

00:00
Adding Target Users

00:00
Creating the Sending Profile

00:00
[Walkthrough] Launch Your First Campaign

00:00
Overview of Evilginx

00:00
Installing and Configuring Evilginx

00:00
Brief Overview of Phishlets

00:00
Configuring Your First Phishlet

00:00
[Walkthrough] Create a Custom Phishlet for Self-Hosted WordPress

00:00
[Walkthrough] Re-Using Stolen Session Cookies

00:00
Difference Between a Penetration Test and Red Team Engagement

00:00
Leverage Known Services

00:00
Build Infrastructure Trust

00:00
Overview of Pretext Calling

00:00
Creating an Effective Pretext

00:00
Setting up SpoofCard

00:00
Setting up Google Voice

00:00
[Walkthrough] Call Yourself With a Spoofed Number

00:00
Note on Legality of Recording Calls

00:00
Practical Projects

00:00
Next Steps for your Career

00:00

Student Ratings & Reviews

No Review Yet

About Course

Syllabus

Course Content

Course

Creating an Account on Digital Ocean

Setting Up Billing & Billing Alerts

Creating an Ubuntu Droplet

Setting up Firewall Rules

Analysis of Bad Phishing Emails (Avoid This!)

Performing Basic OSINT on the Target

[Walkthrough] Compile a List of Users and Emails

[Walkthrough] Identifying a Login Page to Clone

[Walkthrough] Identify The ＂Secret＂ User

Strategies for Selecting a Domain

Purchasing a Domain with Namecheap

Configuring GSuite with the Domain

Overview of GoPhish

Installing GoPhish on Ubuntu

Setting up Certs and Launching GoPhish

[Challenge] Automate With a Script

Configuring DNS for the Domain

Setting up Email Templates

[Walkthrough] – Create a Phishing Email

Configuring the Landing Page

Adding Target Users

Creating the Sending Profile

[Walkthrough] Launch Your First Campaign

Overview of Evilginx

Installing and Configuring Evilginx

Brief Overview of Phishlets

Configuring Your First Phishlet

[Walkthrough] Create a Custom Phishlet for Self-Hosted WordPress

[Walkthrough] Re-Using Stolen Session Cookies

Difference Between a Penetration Test and Red Team Engagement

Leverage Known Services

Build Infrastructure Trust

Overview of Pretext Calling

Creating an Effective Pretext

Setting up SpoofCard

Setting up Google Voice

[Walkthrough] Call Yourself With a Spoofed Number

Note on Legality of Recording Calls

Practical Projects

Next Steps for your Career

Student Ratings & Reviews