Learn Practical Pentesting Skills
Hands-On Phishing is a practical course designed for red teamers and security professionals who want to learn how phishing campaigns are built and executed in the real world.
You'll go from setting up your own lab environment to launching full-scale campaigns using tools like GoPhish and Evilginx2.
Along the way, you'll learn how to purchase domains, configure email infrastructure, and craft convincing phishing emails that bypass modern defenses.
The course also dives into advanced tactics like stealing session cookies and combining email phishing with pretext phone calls. This is not theory—this is hands-on, ethically focused training that mirrors what real attackers do.
Course Curriculum
- 3.1 Analysis of Bad Phishing Emails (Avoid This!) (8:20)
- 3.2 Performing Basic OSINT on the Target (7:32)
- 3.3 [Challenge Lab] Compile a List of Users and Emails
- 3.4 [Walkthrough] Compile a List of Users and Emails (6:11)
- 3.5 [Challenge Lab] Identifying a Login Page to Clone
- 3.6 [Walkthrough] Identifying a Login Page to Clone (3:17)
- 3.7 [Challenge Lab] Identify The "Secret" User (1:24)
- 3.8 [Walkthrough] Identify The "Secret" User (2:45)
- 3.9 Strategies for Selecting a Domain (6:21)
- 3.10 Purchasing a Domain with Namecheap (4:20)
- 3.11 Configuring GSuite with the Domain (9:27)
- 3.12 Section Quiz
- 5.1 Setting up Email Templates (6:05)
- 5.2 [Challenge] - Create a Phishing Email
- 5.3 [Walkthrough] - Create a Phishing Email (5:42)
- 5.4 Configuring the Landing Page (3:44)
- 5.5 Adding Target Users (4:29)
- 5.6 Creating the Sending Profile (11:22)
- 5.7 [Challenge] - Launch Your First Campaign
- 5.8 [Walkthrough] Launch Your First Campaign (10:54)
- 5.9 Section Quiz
- 6.1 Overview of Evilginx (3:45)
- 6.2 Installing and Configuring Evilginx (5:56)
- 6.3 [Challenge] Automate With a Script
- 6.4 Brief Overview of Phishlets (5:27)
- 6.5 Configuring Your First Phishlet (10:50)
- 6.6 [Challenge] Create a Custom Phishlet for Self-Hosted Wordpress
- 6.7 [Walkthrough] Create a Custom Phishlet for Self-Hosted Wordpress (5:11)
- 6.8 [Challenge] Re-Using Stolen Session Cookie
- 6.9 [Walkthrough] Re-Using Stolen Session Cookies (4:46)
- 6.10 Section Quiz
- 6.11 Destroy Your Digital Ocean Droplet
- 6.12 Cancel your Google Workspace Account
- 8.1 - Legal Warning (Do Not Skip!)
- 8.2 Overview of Pretext Calling (2:39)
- 8.3 Creating an Effective Pretext (9:16)
- 8.4 Setting up SpoofCard (1:59)
- 8.5 Setting up Google Voice (3:28)
- 8.6 [Challenge] Call Yourself with a Spoofed Number
- 8.7 [Walkthrough] Call Yourself With a Spoofed Number (4:14)
- 8.8 Note on Legality of Recording Calls (2:11)
- 8.9 Section Quiz
Hear What Students Say...
"Awesome course and highly recommended.
Tyler delivers practical, real-world knowledge that you can immediately apply. Drawing from extensive experience, he openly shares valuable insights including common pitfalls that benefit both red and blue team professionals. I highly recommend this course for anyone looking to strengthen their cybersecurity awareness and defenses and at this price, it's an absolute steal."
--David Robinson
Compliment Your Offensive Security Training
Phishing is one skill in the toolbox, but a true master knows when to use which tool.
Check out the other amazing practical skills training that aligns with offensive security.
