Phishing and social-engineering assessment: pretext and infrastructure setup, payload and landing-page design, evasion, and reporting metrics.
66 checks
Establish the legal, ethical, and operational foundation for an authorized phishing assessment before any target interaction. Define scope, written authorization, objectives, and reconnaissance boundaries.
Stand up the sending and hosting infrastructure required for an authorized campaign: look-alike domains, email authentication, TLS/redirectors, and sender reputation.
Craft the social-engineering narrative and the technical artifacts: pretext messaging, credential-capture landing pages, and authorized payloads.
Assess the resilience of defensive controls: secure email gateway and sandbox evasion, link/redirect obfuscation, and real-time MFA bypass.
Run the campaign, track engagement safely, deconflict with the blue team, and translate results into metrics and remediation guidance.