Last active
December 22, 2021 18:02
Simulated Phishing Platform Resource Links
KnowBe4:
ATP Bypass by Header: Bypassing Safe Links and Safe Attachments processing by header value means attackers can modify the headers of their emails to bypass these security measures. - https://support.knowbe4.com/hc/en-us/articles/115004326408-How-to-Bypass-Safe-Link-Attachment-Processing-of-ATP
Bypass Spam Filtering by Domain: Bypassing spam filtering by domain allows attackers to spoof external domains and IP addresses to bypass security measures. - https://support.knowbe4.com/hc/en-us/articles/360010283614
Bypass Spam Filtering by Header: Bypassing spam filtering by header value means attackers can modify the headers of their emails to bypass security measures. - https://support.knowbe4.com/hc/en-us/articles/212723707
Adding KnowBe4 to your SPF Records: While not inherently dangerous, attackers can query a domain's DNS records to determine whether the organization is a KnowBe4 customer. - https://support.knowbe4.com/hc/en-us/articles/115003254328
Edit Account Settings: Changing the default header value in KnowBe4 account settings prevents attackers from leveraging the publicly disclosed header to bypass security measures. - https://support.knowbe4.com/hc/en-us/articles/226457887-How-to-Edit-Your-Account-Settings
Advanced Delivery Policies: Advanced Delivery Policies help to ensure that attackers are not abusing simulated phishing platforms by requiring a more secure method of delivery. While this would frustrate the majority of attackers, it is not a deterrent for an incentivised attacker. - https://support.knowbe4.com/hc/en-us/articles/4404511190803
Direct Message Injection: This is the safest option for delivery of simulated phishing/training emails. DMI leverages a direct, secure connection between the KnowBe4 console and the 365 tenant. - https://support.knowbe4.com/hc/en-us/articles/360054494394-DMI-Configuration-Guide
Other platforms leverage many of the same techniques. Below is a list of IPs, headers, and header text used by simulated phishing platforms.
In nearly all cases, Microsoft's Advanced Delivery Policies are the safer option - https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/configure-advanced-delivery
IP Addresses:
Headers:
X-PHISHTEST
X-PhishingTackle
X-EPHISHIENCY
Header Text:
PhishingTackle.com
KnowBe4
PhishingBox
Hook Security
emPower
ePHISHiency