GoPhish Template Cheatsheet

Variable Description
{{.FirstName}} Target’s first name
{{.LastName}} Target’s last name
{{.Position}} Target’s position
{{.Email}} Target’s e-mail
{{.From}} Source e-mail address
{{.TrackingURL}} URL to tracking handler (per engagement)
{{.Tracker}} Alias for inserting img tag to read tracking URL
{{.URL}} URL to the phishing destination

[Read More]

Breaching the Perimeter with OpenConnect and ocproxy

As Red Teamers, we often encounter engagements with targets that may allow remote workers, but require all connections to pass through a central VPN for access to the Corporate assets. These VPNs typically authenticate with two factor authentication or other mechanisms. We will use OpenConnect and ocproxy to automatically log in to a VPN once credentials are acquired from a phishing page.

[Read More]