Phish your company, before someone else does!



Today we are happy to release to the public: http://phish5.com

Simply, Phish5 is Phishing as a service. It allows a fairly unsophisticated user to phish users in her organization, quickly, easily and from the comfort of her own browser.

Why would we do this ?

In the past year, a host of high profile news organizations were phished, and then publicly spanked. The attack that compromised the AP's twitter account [Verge] even led to a visible dip on the Dow.


If you talk to security folks, they will quickly dismiss Phishing attacks with a trite: "Educate your users"
Unfortunately, in any reasonably sized organization, this is not a trivial task & learning requires constant reinforcement. Phish5 exists to help with this.

A super short registration process, and users can enter a list of victims, create phishing mails, create phishing pages and track results. The whole process should take less than 5 minutes!

Phish5 means that you can track peoples behaviour changing over time.
  • Is Edward from HR just not getting it? (He seems to have been phished in the last 2 campaigns). 
  • Why does Edna always login to fake OWA pages?
Phish5 makes running campaigns, and monitoring them trivial for just $99. From user registration, to a running campaign in under 5 minutes.. Give it a spin, and give us feedback.. Like it reads: "Built with love"




Comments

Post a Comment

Popular posts from this blog

Simple Graphs with Arbor.js

Image
We recently released a tool at http://cc.thinkst.com to capture and collect infosec conference details. We commented on it [ here ]. One of the cooler components of it, is the ability to view the relationships between speakers/researchers who have collaborated. This post is a quick introduction to the library we used to build our graphs, with enough info to get you up and running in minutes. As I mentioned, we use ArborJS library which is a a graph visualization library using web workers and the popular jQuery . The API is really well documented [ here ] but like most people, I learn best by example (and there are precious few of these). Hopefully this post will fill that niche, and by the end of it you should have a basic understanding of how to use arbor.js in your project. Our Aim: We will be building a simple contrived example as seen in the image above. Project setup : Create a new html page and include script references to the following libraries (Download them from the links...
Read more

Using the Linux Audit System to detect badness

Image
Security vendors have a mediocre track record in keeping their own applications and infrastructure safe. As a security product company, we need to make sure that we don’t get compromised. But we also need to plan for the horrible event that a customer console is compromised, at which point the goal is to quickly detect the breach. This post talks about how we use Linux's Audit System (LAS) along with ELK (Elasticsearch, Logstash, and Kibana) to help us achieve this goal. Background Every Canary customer has multiple Canaries on their network (physical, virtual, cloud) that reports in to their console which is hosted in AWS. Consoles are single tenant, hardened instances that live in an AWS region. This architecture choice means that a single customer console being compromised, won’t translate to a compromise of other customer consoles. ( In fact, customers would not trivially even discover other customer consoles, but that's irrelevant for this post. ) Hundreds of consoles runn...
Read more

Small things done well¹

Image
Bad design is bad  In 2015 Moxie Marlinspike pointed out that the manual page for GPG is (now) 50% of the novel Fahrenheit 451. Any software whose man page approaches 20 thousand words better have a good excuse, and GPG can only gesture vaguely at decades of questionable design. GPG gets a bad rap but it isn’t really much of an outlier. Security software has a long history of crumby, unintuitive interfaces and terrible design choices. A deep dive into the factors behind awfully designed security software isn’t the purpose of today’s blogpost, but suffice it to say there is seldom pressure from the end users. Security software mandated by a security team is often rammed down users’ throats, so it doesn’t bother being pleasant. It’ll sell anyway. We’ve worked hard to buck this trend from our first version. It’s one reason why we are one of the few pieces of security software that customers actually talk about in terms of love: https://canary.tools/love Recently, we released a major...
Read more