Breaking Bad Security Tutorial 1: Email Phishing

Achieving a sound security posture takes an understanding of sound fundamentals, the implementation of widely accepted best practices and constant validation through both training and practice to be successful. But this last piece - validation - can be tricky, especially if you feel you don’t have the tools, knowledge or even the time to do it.

In this video, Tristan shows you how to set up a targeted spear-phishing campaign using the open source platform Gophish. Email phishing is one of the most popular methods attackers use to gain a foothold in an organization's network. After following this tutorial you'll be able to train your employees on how to spot potentially malicious emails and decrease their effectiveness in your environment.

He shares some statistics on the prevalence of phishing, provides step-by-step instructions on setting up your own phishing campaign, and provides some advice on how to develop an ongoing program.

To get Gophish for yourself go to