• borari@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      2
      ·
      7 months ago

      Damn. I’ve scripted out the entire process of verifying an owned domain in a hosted mail providers system, deploying the ec2 infrastructure, and installing and configuring gophish for a campaign, along with tearing everything down.

      That header thing gophish adds is a default option that you can override by just setting that header to an empty string. Whoever runs campaigns for your employer either wants to make it easy for you to pass or doesn’t care about their job at all.

      I’ve done it in the context of red team/adversary emulation campaigns before though, so the opsec needed to be a bit tighter than the mandatory phishing awareness stuff i guess.