Phishing Attacks: Advanced Attack Techniques
暫譯: 釣魚攻擊：進階攻擊技術

Phishing is an attack technique where an attacker uses fraudulent emails or texts, or copycats websites to get a victim to share valuable personal information such as account numbers, social security numbers, or victim's login user-name and password. This technique is also used to trick the victim into running malicious code on the system, so that an attacker can control the user's system and thereby get acces to user's or organization's sensitive data. This book is an introduction for the reader in the world of Phishing attacks. The book focuses on the different kinds of Phishing attacks and provides an overview of some of the common open source tools that can be used to execute Phishing campaigns. Red teams, pentesters, attackers, etc. all use Phishing techniques to compromise a user's machine. It is necessary for Red teams and pentesters to understand the various payload delivery mechanisms used by current threat profiles. The book then delves into the common Phishing payload delivery mechanisms used by current threat profiles. It also introduces some new and uncommon payload delivery techniques that the author has used in the past to bypass and get through email filters as well as end-point detection systems.