Today was the best day of the week. We kicked things off with a hands-on phishing simulation, and in the afternoon, I joined the CTF gang for some fun challenges.
I learned how to use GoPhish, which mostly comes down to filling in a few forms:
Creating a sending profile
Setting up a landing page (including credential capture)
Designing email templates
Adding users and groups
Launching everything through the campaigns section
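The five forms above map one-to-one onto objects in the GoPhish REST API, so the same set-up can be scripted. The following is an added illustration, not code from the original post or from the GoPhish project: the endpoint paths and JSON field names follow the GoPhish API documentation as I remember it (/api/smtp/, /api/pages/, /api/templates/, /api/groups/, /api/campaigns/, Bearer token auth) and should be checked against docs.getgophish.com before use; the admin URL, API key, hostnames and target data are all made up.

```python
"""Scripting the GoPhish campaign set-up instead of clicking through the forms.

Added example, not GoPhish's own code. Field names are assumptions drawn from
the GoPhish API docs as I recall them; verify against the official docs.
"""
import json
import ssl
import urllib.request

ADMIN_URL = "https://127.0.0.1:3333"   # assumption: default GoPhish admin listener
API_KEY = "REPLACE_WITH_YOUR_API_KEY"   # shown on the GoPhish settings page (placeholder)


def sending_profile(name, from_address, host, username="", password=""):
    """Step 1: the SMTP sending profile."""
    return {"name": name, "interface_type": "SMTP", "from_address": from_address,
            "host": host,  # "host:port"
            "username": username, "password": password, "ignore_cert_errors": True}


def landing_page(name, html, redirect_url):
    """Step 2: landing page with credential capture switched on."""
    return {"name": name, "html": html,
            "capture_credentials": True,
            "capture_passwords": True,   # only if the rules of engagement allow storing passwords
            "redirect_url": redirect_url}


def email_template(name, subject, text, html):
    """Step 3: email template; {{.FirstName}} and {{.URL}} are GoPhish template variables."""
    return {"name": name, "subject": subject, "text": text, "html": html}


def target_group(name, targets):
    """Step 4: group of targets, each given as (email, first, last, position)."""
    return {"name": name,
            "targets": [{"email": e, "first_name": f, "last_name": l, "position": p}
                        for e, f, l, p in targets]}


def campaign(name, template_name, page_name, smtp_name, group_names, url, launch_date):
    """Step 5: the campaign ties the other objects together by name."""
    return {"name": name,
            "template": {"name": template_name},
            "page": {"name": page_name},
            "smtp": {"name": smtp_name},
            "url": url,                  # phishing server URL substituted into {{.URL}}
            "launch_date": launch_date,  # RFC 3339 timestamp
            "groups": [{"name": g} for g in group_names]}


def api_post(path, payload, base_url=ADMIN_URL, api_key=API_KEY, verify_tls=False):
    """POST one JSON object to the GoPhish API and return the decoded response."""
    req = urllib.request.Request(
        base_url + path, data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json", "Authorization": "Bearer " + api_key})
    ctx = ssl.create_default_context()
    if not verify_tls:               # GoPhish ships with a self-signed admin certificate
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with urllib.request.urlopen(req, context=ctx) as resp:
        return json.load(resp)


def build_campaign_objects():
    """The whole set-up in dependency order: everything the campaign references must exist first."""
    page_html = '<html><form method="post"><input name="username">' \
                '<input name="password" type="password"><button>Sign in</button></form></html>'
    return [
        ("/api/smtp/", sending_profile("IT helpdesk", "IT Support <it@mail.example.test>",
                                       "smtp.example.test:587", "it", "changeme")),
        ("/api/pages/", landing_page("Portal login", page_html, "https://portal.example.test/")),
        ("/api/templates/", email_template("Password expiry",
                                           "{{.FirstName}}, your password expires today",
                                           "Reset it here: {{.URL}}",
                                           '<p>Reset it here: <a href="{{.URL}}">{{.URL}}</a></p>')),
        ("/api/groups/", target_group("Finance", [("a.user@example.test", "A", "User", "Accountant")])),
        ("/api/campaigns/", campaign("Q3 awareness", "Password expiry", "Portal login", "IT helpdesk",
                                     ["Finance"], "https://login.example.test",
                                     "2024-01-01T09:00:00+00:00")),
    ]


if __name__ == "__main__":
    for path, payload in build_campaign_objects():
        print(path, api_post(path, payload))
```

Running it against a live instance needs a real API key; the builders themselves are pure functions, so the payloads can be inspected (or unit-tested) before anything is sent.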
I dug into email spoofing and discovered something pretty interesting: standard email protocols like SMTP don’t verify the “From” address by default. Neither the envelope sender (MAIL FROM) nor the From header the recipient actually sees is authenticated by SMTP itself, so an attacker can make an email look like it comes from someone else without ever touching that person’s account.
Also, to increase legitimacy, avoid spam filters and give receiving servers a way to reject mail that spoofs your domain, it’s important to configure these DNS-based email authentication protocols:
SPF (Sender Policy Framework)
Specifies, in a DNS TXT record, which mail servers are allowed to send email on your domain’s behalf. Receivers check it against the envelope sender (MAIL FROM), not against the visible From header.
DKIM (DomainKeys Identified Mail)
Signs outgoing messages with a private key whose public key is published in DNS, so receivers can verify that the signed headers and body haven’t been tampered with and that the signing domain (the d= tag) really vouches for the message.
DMARC (Domain-based Message Authentication, Reporting, and Conformance)
Builds on SPF and DKIM by requiring that the domain they authenticate aligns with the visible From header, tells receiving mail servers what to do when that check fails (p=none, quarantine or reject), and can provide aggregate reports (rua) for monitoring abuse.
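The part that is easy to miss is that SPF and DKIM on their own never look at the From header: an attacker who passes SPF for their own domain is still “authenticated”. DMARC closes that gap with its alignment rule. The following is an added example, not from the original post or from any real MTA: a small model of the decision a receiving server makes, run over constructed DNS records and constructed message facts for the made-up domain example.com. The org_domain() helper keeps only the last two labels, an assumption that holds for example.com but not for domains under suffixes like co.uk, where real implementations consult the Public Suffix List.

```python
"""DMARC alignment check: a toy model of what a receiving mail server does.

Added illustration; records and messages below are constructed.
"""


def parse_tags(record):
    """Parse a 'k=v; k=v' style TXT record (the DMARC/DKIM tag syntax) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    return tags


def org_domain(domain):
    # Assumption: organizational domain = last two labels (no Public Suffix List here).
    return ".".join(domain.lower().split(".")[-2:])


def aligned(header_from_domain, authenticated_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') accepts the same organizational domain."""
    a, b = header_from_domain.lower(), authenticated_domain.lower()
    return a == b if mode == "s" else org_domain(a) == org_domain(b)


def evaluate_dmarc(header_from_domain, dmarc_record, spf_result, spf_domain, dkim_result, dkim_domain):
    """Return (dmarc_pass, disposition).

    spf_domain is the envelope MAIL FROM domain SPF was evaluated for;
    dkim_domain is the d= tag of a verified signature. Either may be None.
    """
    tags = parse_tags(dmarc_record)
    if tags.get("v") != "DMARC1":
        return None, "none"   # no usable policy: receiver falls back to its own heuristics
    spf_ok = (spf_result == "pass" and spf_domain is not None
              and aligned(header_from_domain, spf_domain, tags.get("aspf", "r")))
    dkim_ok = (dkim_result == "pass" and dkim_domain is not None
               and aligned(header_from_domain, dkim_domain, tags.get("adkim", "r")))
    if spf_ok or dkim_ok:
        return True, "none"
    return False, tags.get("p", "none")   # p= is what the sender asked receivers to do on failure


# Constructed DNS records for the made-up domain example.com
SPF_EXAMPLE_COM = "v=spf1 ip4:203.0.113.10 include:_spf.mailhost.example -all"   # reference only
DMARC_EXAMPLE_COM = "v=DMARC1; p=reject; aspf=r; adkim=s; rua=mailto:dmarc-reports@example.com"


def demo():
    # 1. Spoof: the attacker's server passes SPF for its own MAIL FROM domain, but the
    #    visible From says example.com. SPF is happy; DMARC alignment is not.
    spoof = evaluate_dmarc("example.com", DMARC_EXAMPLE_COM, "pass", "attacker.example", "none", None)
    # 2. Legitimate bulk mail bouncing to a subdomain: relaxed SPF alignment allows it.
    legit_spf = evaluate_dmarc("example.com", DMARC_EXAMPLE_COM, "pass", "bounce.example.com", "none", None)
    # 3. Forwarded mail breaks SPF, but the DKIM signature (d=example.com) survives.
    forwarded = evaluate_dmarc("example.com", DMARC_EXAMPLE_COM, "fail", "example.com", "pass", "example.com")
    # 4. DKIM signed by a subdomain: strict adkim=s rejects it even though it is the same organization.
    sub_dkim = evaluate_dmarc("example.com", DMARC_EXAMPLE_COM, "fail", "example.com", "pass", "news.example.com")
    # 5. Same spoof against a domain whose policy is only p=none: fails, but nothing is blocked.
    monitor_only = evaluate_dmarc("example.com", "v=DMARC1; p=none", "pass", "attacker.example", "none", None)
    return spoof, legit_spf, forwarded, sub_dkim, monitor_only


if __name__ == "__main__":
    for name, result in zip(["spoof", "legit_spf", "forwarded", "sub_dkim", "monitor_only"], demo()):
        print(f"{name:13} pass={result[0]} disposition={result[1]}")
```

Case 5 is why a freshly published p=none record does not stop a phishing simulation (or a real attacker): it only generates reports. Moving to quarantine and then reject is what makes the From header hard to forge.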
I also explored tools that clone real login pages, which are used for credential harvesting during phishing simulations.
In the afternoon, I tackled two CTF challenges.
The Lessons Learned lab was actually a pretty fun one.
I learned to be careful with SQL injections when I tried the basic command ' OR 1=1. That command is limited, noisy, and often unreliable in real-world penetration testing or red teaming scenarios.
It exploits unsanitized input being concatenated straight into a SQL query: the injected tautology (a condition that is always true) widens the WHERE clause to match every row, which is also why it turns an injectable DELETE or UPDATE into a full-table wipe. “OR 1=1” is extremely well-known and appears in practically every SQL injection signature, so modern WAFs and IDS/IPS systems flag it almost immediately.
So, when I used that injection, it deleted the flag… Lessons learned indeed.
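To make the lesson concrete: the same payload behaves very differently depending on which statement it lands in. The following is an added example, not the lab’s code; the schema, users and flags are constructed, and the in-memory SQLite database stands in for whatever backend the lab used. It shows the tautology bypassing a login in a SELECT, wiping every row when the injectable query is a DELETE, and being harmless once the query uses parameter binding.

```python
"""' OR 1=1 in a SELECT versus in a DELETE, and the parameterized fix.

Added illustration; schema and data are constructed, not from the lab.
"""
import sqlite3


def fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        CREATE TABLE flags (id INTEGER PRIMARY KEY, owner TEXT, flag TEXT);
        INSERT INTO users VALUES (1, 'admin', 'correct-horse'), (2, 'alice', 'hunter2');
        INSERT INTO flags VALUES (1, 'admin', 'FLAG{constructed-admin}'),
                                 (2, 'alice', 'FLAG{constructed-alice}');
    """)
    return conn


def login_vulnerable(conn, username, password):
    # String concatenation: user input becomes part of the SQL grammar.
    sql = f"SELECT username FROM users WHERE username = '{username}' AND password = '{password}'"
    return [row[0] for row in conn.execute(sql)]


def delete_my_flag_vulnerable(conn, owner):
    # The same mistake in a data-changing statement.
    sql = f"DELETE FROM flags WHERE owner = '{owner}'"
    return conn.execute(sql).rowcount          # number of rows actually deleted


def login_safe(conn, username, password):
    # Parameter binding: input is always a value, never SQL.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def delete_my_flag_safe(conn, owner):
    return conn.execute("DELETE FROM flags WHERE owner = ?", (owner,)).rowcount


def remaining_flags(conn):
    return conn.execute("SELECT COUNT(*) FROM flags").fetchone()[0]


PAYLOAD = "' OR 1=1 --"   # the classic tautology; "--" comments out the rest of the query


def demo():
    conn = fresh_db()
    # In a SELECT the tautology matches every row: every user "logs in" at once.
    bypass = login_vulnerable(conn, PAYLOAD, "anything")
    # In a DELETE it matches every row too: every flag is gone, not just one owner's.
    deleted = delete_my_flag_vulnerable(conn, PAYLOAD)
    left_after_attack = remaining_flags(conn)

    conn = fresh_db()
    safe_login = login_safe(conn, PAYLOAD, "anything")      # no user has that literal name
    safe_deleted = delete_my_flag_safe(conn, PAYLOAD)       # no row has that literal owner
    return bypass, deleted, left_after_attack, safe_login, safe_deleted, remaining_flags(conn)


if __name__ == "__main__":
    bypass, deleted, left, safe_login, safe_deleted, left_safe = demo()
    print("vulnerable login returned:", bypass)
    print("vulnerable delete removed", deleted, "rows; flags left:", left)
    print("safe login returned:", safe_login, "| safe delete removed", safe_deleted, "rows; flags left:", left_safe)
```

This is the practical reason to confirm what kind of statement an injection point sits in (a blind, single-quote-only probe, or a condition like ' AND 1=2 -- that narrows rather than widens the match) before sending a tautology during a real engagement.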
The other lab was a throwback to another one because the last part was about gaining root access through a cronjob. I’m learning that privilege escalation is not that easy most of the time.
