Software permits users to create customizable and scalable mock phishing campaigns. Schneider Downs, one of the America’s 60 largest accounting and business consulting firms, announced the release of redlure, an open-source phishing platform built with the needs of red teamers and penetration testers top of mind. redlure provides users with the ability to self-generate phishing test campaigns that will be realistic and appropriate for each company’s organizational structure, and includes a distributed model that grants one interface access to multiple campaigns running on different servers and domains simultaneously.
Phishing attacks continue to be on a rise and represent an enormous threat to corporate and individual privacy and security. redlure provides organizations with a tool to create their own phishing tests to proactively assess employee resistance to phishing attacks and identify vulnerabilities.
This is the first open-source offering from the Schneider Downs’ rapidly growing cybersecurity practice.
“There is an essential need for a phishing platform that can be customized and scaled for the unique needs of each company. Schneider Downs tried numerous tools to create testing environments that mimic real user experiences from cloud services, yet we didn’t find one with the full capabilities that we needed,” explained Matthew Creel, product engineer and author of the open-source code. “Ultimately, we determined that we could best meet our needs by programming a solution ourselves.”
By developing redlure internally, the cybersecurity team at Schneider Downs prioritized the ability to develop testing campaigns tailored to the user. Features include the ability to:
- Manage multiple phishing campaigns in parallel
- Accurately mimic user experiences on common or popular websites
- Encrypt sensitive data within the platform’s database to secure private credentials
- Improve metrics to track when specific targets have opened emails, clicked links, downloaded payloads and submitted credentials
- Customize campaigns to best fit an organization’s culture and structure, thus providing a more stringent testing platform
“Our practice owes a great deal to the cybersecurity community and other companies that have previously created open-source programs for us to use. They have made us a better practice,” explained Daniel Desko, leader of Schneider Downs’ cybersecurity practice. “This is our contribution and effort to pay that debt forward to help other companies.”
The firm will debut redlure at DEF CON 28 Demo Labs in early August with code repositories available on Thursday, August 6, 2020 via www.github.com/redlure. The firm will also provide private product demos, which can be arranged by contacting the Schneider Downs cybersecurity practice. Additional information is available at www.schneiderdowns.com/redlure.
ABOUT THE PRACTICE
The Schneider Downs cybersecurity practice consists of experts in multiple technical domains. The firm offers a comprehensive set of information technology security services including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments, and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity.
