This article has 286 words.

Phishing portals

A phishing portal is a Web site to which a user will be directed when he or she clicks. The address will consist of two important parameters:

Parameter Example Significance
Hostname Name of the host to which the traffic is directed
Path /microsoft-o365-login Address of the webpage to which the user is directed

Based on these two parameters, the final URL to which the employee will be directed is calculated. Obligatorily, this address must start with https://, then the hostname, then the path, and in the query parameters parameters will be passed, which are used for authentication.

Where can I find portals?

The current status of all portals can be checked via the “Portals” tab in the main menu, as the okKoala site administrator.

Security and management of portals

At this point, all portals are provided and managed by the okKoala service. The portals are regularly undergoing availability tests and the ability to exchange temporary keys to the Reaction API - okKoala’s backend module. No information about passwords, MFA codes, etc. goes to the backend. Reaction API does not allow to pass arbitrary values, but only events such as: person X entered a password, person Y tried to enter his PESEL. On your own, you can generate a link to a phishing attack, and then with the help of tools available in the browser (connection logs) or tools for eavesdropping on the connection (such as Wireshark), check what exactly the portal is sending. This will not be treated as attacks or penetration testing, but only as a conscious testing of the ecosystem in terms of phishing portals. According to the contracts / regulations, you can request a review of the code related to the portals.