Read more about the current Greenbook proposals. ...
This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.
Phishing assessments have always been, and will continue to be, a critical part of our penetration testing and red teaming methodology, and one of the key components is a phishing tool that allows us to accurately portray real life threat actors. In the past, our team has used several different phishing tools and platforms, and with each of them we felt there must be something out there better suited for our needs. These needs drove the decision to develop redlure, our own open-source phishing platform.
Our initial goal was to develop software that provides customizable, scalable and more importantly, realistic phishing campaigns for our clients. We understand the importance of creating phishing assessment campaigns that mimic the real user experience you get when using cloud services. Examples of these cloud services include Office365 or Gmail, with each requiring your username and password to be submitted on sequential webpages. Over time, our software solution evolved to meet the following needs of our operators:
The result was a framework consisting of three parts:
This structure allows you to attach as many remote servers running the worker API to a single console for management. A sample environment with two workers is depicted below:
We are really excited to announce that redlure will be featured as part of the DEF CON 28 Demo Labs. During the demo we will look at the tool in a test environment, walk through the core features, create several phishing campaigns and simulate the actions of unsuspecting end-users. Our live demo schedule is below:
The redlure code repositories will be going public on Thursday, August 6th, 2020 at www.github.com/redlure. Please contact us if you are interested in a demo outside DEF CON.
Matt Creel has been a member of the Schneider Downs cybersecurity practice since 2017 where he helps clients with penetration testing, red teaming and incident response services. Matt has served clients in manufacturing, healthcare, automotive, financial and higher education industries. One of Matt's focuses is offensive tool development, notably password spraying and phishing tools.
The Schneider Downs cybersecurity practice consists of experts in multiple technical domains. We offer a comprehensive set of information technology security services including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments, and a robust digital forensics and incident response team. For more information, visit our website.
In addition, our Incident Response Team is available around the clock at 1-800-993-8937 if you suspect your organization is experiencing a network incident.
Read more about the current Greenbook proposals. ...
Learn more about the regional and national supply chain implications of the Baltimore Key Bridge collapse. ...
We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.
Ask us
[email protected]
p:412.261.3644
f:412.261.4876
[email protected]
p:614.621.4060
f:614.621.4062
[email protected]
p:571.380.9003