King Phisher v1.15 is here! With this release you can now choose what columns are visible while viewing campaign messages, visits and credentials. Additionally, if you are having issues with King Phisher configuring its pipenv environment, you can now provide the --env-verbose flag on ./KingPhisher --env-install or ./KingPhisher --env-install. This will provide more ... READ MORE
King Phisher Release v1.14
It is time for the next release of King Phisher! Continuing down the path of making it easier to set your Web Server URL, the campaign editor now features an interactive URL builder component. This allows users to easily select the scheme, hostname and landing page as suggested by the server making it easier to select a proper URL. In addition, King Phisher now integrats ... READ MORE
King Phisher Release v1.13
With the version 1.13 release, we have added several goodies. First is a long requested feature! The ability to store MFA tokens submitted from a login page. Now you can grab username, password, and the MFA field . If you are using this feature as part of penetration test you will have to stay on top of the password submission field and use the data quickly as they often have a ... READ MORE
King Phisher Release 1.12
King Phisher version 1.12 is finally here. One improvement that we are most excited about is King Phisher now utilizes Pipenv to manage it's dependencies. This will greatly improve the stability of the platform moving forward as there won't be any dependency conflicts or bugs from upstream changes. After doing a git fetch and git pull to update King Phisher, you now runsudo ... READ MORE
King Phisher Release 1.9
Today RSM is proud to announce the latest release of our open source Phishing tool King Phisher. This release brings many new features that we hope offer users a much more pleasant experience and facilitate tapping into some of the more customizable potential of King Phisher. The biggest upgrade with King Phisher version 1.9 is that the client's plugin manager got a huge ... READ MORE
King Phisher Release 1.8
The King Phisher version 1.8 has arrived with the following changes: Warn Python 2.7 users that this is the last release Python 2.7 will be supported The Windows MSI build is now in Python 3.4 King Phisher server now supports Red Hat Server 7 King Phisher client support for OS X by using Docker Support for issuing certificates with acme while the server is ... READ MORE
Compromise a DCOS Server through a Docker Container
Ever wonder how you can use a docker container to compromise the host? There is a simple process to do so, if you have the ability to start a docker container. With the increasing utilization of docker, there have been several cluster solutions developed. Among these solutions is DC/OS. By default, the installation is found to be rather insecure. The first couple of steps have ... READ MORE
Pivot, Exploit, Death by Firewall
Another scenario that is getting all too familiar: It is another day in the office. The external penetration test is going as planned. You broke in to the internal network and you have transports in place. You just need that last trophy before you can call it a day! You finally find the system where it is stored. You prep for the attack, and check to make sure all is setup ... READ MORE
King Phisher Release 1.6
We are happy to announce the long awaited release of version 1.6. The development of version 1.6 is massive compared to prior releases. The major changes are to the back-end API calls too and from the King Phisher server. Utilizing AdvancedHTTPServer capabilities for web sockets, the server will now alert the client when there are changes to the database tables. This allows ... READ MORE
CTF Example – Coding
You sit there in front of your desk after getting hired in to a security position, and quickly realize that it is no point-and-click job. Security on both sides of the house leverage the power of programming to automate tasks. This can be anything from alerting on specific key words on logs, to making a quick script to gather information for the environment you just caught a ... READ MORE