small align text-align-left refresh
Free Series

Breaking Bad Security

Teaching tests, tricks and free tools you can use to keep your security from breaking bad

Watch the Latest Tutorial
basic_heading tertiary align text-align-left color text-black refresh

A strong security posture needs constant validation of defenses and training to succeed. Getting that validation can be tricky.

In this series, we will provide easy-to-follow tutorials that show you how to sit in the bad guy’s seat by leveraging free, open-source technology to figure out if, and how badly, different types of attacks can work.

basic_heading primary align text-align-left color text-black refresh

Tutorials

text_image_two refresh

Intro to the Series

In this series, we will provide easy-to-follow tutorials that show you how to sit in the bad guy’s seat by leveraging free, open-source technology to figure out if, and how badly, different types of attacks can work...

text_image_two refresh

Tutorial 1: Email Phishing

In this video, Tristan shows you how to set up a targeted spear-phishing campaign using the open source platform Gophish...

He shares some statistics on the prevalence of phishing, provides step-by-step instructions on setting up your own phishing campaign, and provides some advice on how to develop an ongoing program.

To get Gophish for yourself go to www.getgophish.com

text_image_two refresh

Tutorial 2: Remote Access

In this video, Tristan shows how to establish a remote connection using the open-source platform QuasarRAT...

He’ll walk through installation and setup, how to configure the Release and Remote clients, and offers some suggestions for how to distribute Remote client to test endpoint defenses.

To get QuasarRAT for yourself go to https://github.com/quasar/QuasarRAT