Phishing | TryHackMe Walkthrough

Rahul Kumar
14 min read · Jul 25, 2024

Learn what phishing is and why it’s important to a red team engagement. You will set up phishing infrastructure, write a convincing phishing email and try to trick your target into opening your email in a real-world simulation.

Brief

This room will take you through what phishing is, how it’s performed, some valuable tools and why it’s an essential part of a Red Team engagement.

Now it’s time to move to the next task and receive your Intro to Phishing!

Intro To Phishing Attacks

Before you learn what phishing is, you’ll need to understand the term social engineering. Social engineering is the psychological manipulation of people into performing actions or divulging information by exploiting weaknesses in human nature. These “weaknesses” can be curiosity, jealousy, greed and even kindness and the willingness to help someone. Phishing is a form of social engineering delivered through email to trick someone into revealing personal information or credentials, or even executing malicious code on their computer.

These emails will usually appear to come from a trusted source, whether that’s a person or a business. They include content that tries to tempt or trick people into downloading software, opening attachments, or following links to a bogus website.

A term you’ll come across and the type of phishing campaign a red team would participate in is spear-phishing, as with throwing a physical spear; you’d have a

Rahul Kumar

Cybersecurity Enthusiast!! | COMPTIA SEC+ | CCSK | CEH | MTA S&N | Cybersecurity Analyst | Web Application Security