Free Series

Breaking Bad Security

Teaching tests, tricks and free tools you can use to keep your security from breaking bad

basic_heading tertiary

A strong security posture needs constant validation of defenses and training to succeed. Getting that validation can be tricky.

In this series, we will provide easy-to-follow tutorials that show you how to sit in the bad guy’s seat by leveraging free, open-source technology to figure out if, and how badly, different types of attacks can work.

basic_heading primary

Tutorials

text_image_two

Intro to the Series

In this series, we will provide easy-to-follow tutorials that show you how to sit in the bad guy’s seat by leveraging free, open-source technology to figure out if, and how badly, different types of attacks can work...

Tune in next week as we post our very first tutorial on email phishing. Until then, meet our instructor, Tristan Morris, and get a taste of what he has to offer.

Read More
text_image_two

Tutorial 1: Email Phishing

In this video, Tristan shows you how to set up a targeted spear-phishing campaign using the open source platform Gophish...

He shares some statistics on the prevalence of phishing, provides step-by-step instructions on setting up your own phishing campaign, and provides some advice on how to develop an ongoing program.

To get Gophish for yourself go to www.getgophish.com

Read More
text_image_two

Tutorial 2: Remote Access

In this video, Tristan shows how to establish a remote connection using the open-source platform QuasarRAT...

He’ll walk through installation and setup, how to configure the Release and Remote clients, and offers some suggestions for how to distribute Remote client to test endpoint defenses.

To get QuasarRAT for yourself go to https://github.com/quasar/QuasarRAT

Read More
basic_heading secondary

Additional Resources

resources row