PhishCraft: Building a Local GoPhish Lab

Apr 07, 2026

Introduction

Over the years, we’ve seen countless sophisticated phishing attacks from various threat actors using complex initial access chains against real environments. But sometimes, it’s far simpler than that. A convincing email is often enough. You don’t need hundreds of people to click a link or hand over credentials; you just need one.

Phishing is one of those techniques that never really goes away. New controls come out all the time (2FA, hardware tokens, better spam filtering, and now AI-based detection), but in practice a lot of organisations don’t fully adopt them, and it usually comes down to effort. Changing a process that already works, especially in a large corporate environment, gets pushed down the priority list.

Most tutorials either jump straight to the interesting bits, show a finished setup, or assume you already have domains and VPS infrastructure to play with. That’s not always realistic, especially if you’re just getting started. So I’m going to build this up gradually, starting with a basic AD lab in VMware (1 DC, 2 workstations, a few users), then moving into VPS, domains, redirectors, and OPSEC later on.

This post focuses on getting GoPhish running locally in that environment, along with a simple email setup for each user and configuring Outlook so you can actually see how your templates look in a real client. I’m not going to cover building the AD lab itself; there are plenty of good guides for that already, and nothing advanced is needed here (just a workstation and some users).