7MS #482: Creating Kick-Butt Credential-Capturing Phishing Campaigns - Part 3
7 Minute Security - A podcast by Brian Johnson - Fridays
Today we're continuing our discussion on phishing campaigns - including a technical "gotcha" that might redirect your phishing emails into a digital black hole if you're not careful!

As I mentioned last week, I've been heavy into spinning up and tearing down phishing campaigns, so I finally got around to documenting everything in episode 481. This week I ran into a bizarre issue where test phishes to myself suddenly disappeared from my Outlook altogether! After chatting with some folks on Slack I did a message trace in the Exchange Admin Center under:

Mail flow > Message Trace > Start a trace

then make the Sender field be the user you're sending phishing emails from. That showed me that my phishes were being quarantined!

To get around the quarantine, I went into Mail flow > Rules and then created a new rule with the following properties:

Apply this rule if > The sender's domain is > yourphishingdomain.com

Then under Do the following:

Set the spam confidence level (SCL) to... Bypass spam filtering

Under And, click the drop-down and choose:

Modify the message properties... set a message header... X-MS-Exchange-Organization-BypassClutter

Then click where it says Enter text and change header value to True and click OK.
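
The same mail flow rule expressed in Exchange Online PowerShell, followed by a review of every rule in the tenant that bypasses spam filtering. This is an added example, not something from the episode: it assumes the ExchangeOnlineManagement module with an active Connect-ExchangeOnline session, and the rule name, comment text and 14-day expiry are hypothetical choices.

```powershell
# Added example. Assumes: Import-Module ExchangeOnlineManagement; Connect-ExchangeOnline
# has already been run by an account allowed to manage transport (mail flow) rules.

$PhishDomain = 'yourphishingdomain.com'                  # placeholder domain from the show notes
$RuleName    = "Phishing test bypass - $PhishDomain"     # hypothetical rule name
$Expires     = (Get-Date).AddDays(14)                    # assumed campaign length

# Create the rule only once, so re-running the script does not stack duplicates.
$existing = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }

if (-not $existing) {
    New-TransportRule -Name $RuleName `
        -SenderDomainIs $PhishDomain `
        -SetSCL -1 `
        -SetHeaderName 'X-MS-Exchange-Organization-BypassClutter' `
        -SetHeaderValue 'True' `
        -ExpiryDate $Expires `
        -Comments 'Authorized phishing test. Remove when the campaign ends.'
}

# SetSCL -1 is what the admin center labels "Bypass spam filtering".
# List every rule that does this so leftovers from earlier campaigns are visible.
Get-TransportRule |
    Where-Object { "$($_.SetSCL)" -eq '-1' } |
    Select-Object Name, State, SenderDomainIs, SetHeaderName, SetHeaderValue, ExpiryDate |
    Format-Table -AutoSize
```

The expiry date makes the rule stop applying after the test window even if nobody goes back to delete it.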