Hey y’all. I’m a full-time cybersecurity student working IT for a small business. Our workforce is small, but almost entirely remote. So our attack surface is wide, distributed, and could do with some reinforcement.
One thing I’d like to do is start running sporadic phishing drills to increase employee threat awareness/preparedness.
As I’m still very much a novice in regards to offensive techniques, I’m not really sure where to start. I’ve read a lot about the benefits of this type of training but not so much how to actually execute it. Anyone have suggestions for good places to find HTML email or landing page templates? How does one go about attaining a harmless tracking link or making fake email addresses?
I’m a decent coder so I’d prefer open-source, customizable tools that would make the process educational for me, but if anyone knows a free, automated service, I’d be open to that as well. Thanks in advance and excuse the pun in my post’s title 😶🌫️