1.1 Welcome & Course Overview

Hands-On Phishing: Course Overview

Welcome to Hands-On Phishing, a practical and deeply technical course designed to give you real-world experience in running phishing and social engineering campaigns — the ethical and professional way.

Meet Your Instructor

Tyler Ramsbey is your instructor, and he’s here to take you step-by-step through how professional Red Teamers and penetration testers build and execute real phishing infrastructure and social engineering engagements.

What You’ll Learn in This Course

This course goes far beyond simulated labs. You’ll work in a real-world environment, setting up genuine phishing campaigns using industry-standard tools and infrastructure.

Lab Environment Setup

  • You’ll deploy a cloud server on DigitalOcean — a real infrastructure provider.
  • This will simulate how professional operators build phishing environments, rather than using local or sandboxed simulations.

OSINT and Targeting

  • Learn to perform basic OSINT (Open Source Intelligence) to gather emails, names, and user information.
  • Apply this intel to construct realistic phishing campaigns against a fictional company built for this course.

Tools You'll Master

  • GoPhish – For creating and managing phishing campaigns.
  • Evilginx2 – For advanced phishing techniques, including token interception.
  • Don’t worry if you’ve never used them — Tyler walks you through both, step by step.

Pretext Calling (Vishing)

  • Learn pretext calling (also known as vishing), a technique where attackers call employees under false pretenses (e.g., impersonating IT support).
  • You’ll learn how to:
    • Spoof internal numbers
    • Develop convincing pretexts
    • Combine calls and emails for stronger engagement success

Ethics & Legal Boundaries

Tyler emphasizes the moral responsibility of using this knowledge only in authorized, ethical contexts:

⚠️ Use these tactics ONLY during legal penetration tests or Red Team engagements with full client permission.
  • These techniques are powerful — and potentially dangerous if misused.
  • Performing phishing without permission is illegal and will result in criminal charges. You will go to jail.
  • Everything in this course is intended for defensive training, Red Team operations, or authorized engagements only.

Who Should Take This Course?

For Red Teamers & Pentesters:

  • This course fills the gap in high-quality, detailed training for real phishing infrastructure and engagements.

For Blue Teamers & Defenders:

  • Understanding attacker tradecraft is critical.
  • This course helps you see how attacks are constructed, so you can defend against them before they succeed.

Final Thoughts Before You Start

  • Get your note-taking system ready — there’s a lot to learn, and documenting your process is a key part of retention and professional development.
  • This course is hands-on, technical, and actionable from the very first module.
“You can only stop an attacker if you know how an attacker thinks.”

Ready to Begin?

If you're ready to dive into the world of phishing from an ethical hacker's perspective — let's get started.

Complete and Continue