🚀 Senior Design Project: Leveraging Virtual Machines for Workplace Phishing Attack Mitigation
đź“ť Project Summary
This project focused on using virtual machines to simulate and educate employees on how to identify, differentiate, and mitigate phishing attacks in a workplace environmen. Despite advancements in cybersecurity, phishing remains a primary source of data breaches and monetary loss for companies. The project’s goal was to create an effective, hands-on training program that uses VM software to simulate real-world phishing scenarios.
Key Takeaways
- The Importance of Planning: Proper planning and preparation are crucial, as technical hurdles, like setting up VMs and creating realistic scenarios, can cause significant delays.
- Monitoring and Evaluation: Continuous evaluation of training is necessary to combat evolving threats and user behaviors.
- Problem-Solving: A key challenge was a third-party application issue with Google’s security, which was resolved by using a different SMTP server after thorough research.
- Lessons Learned: The project provided valuable experience in cybersecurity operations, including setting up systems, installing tools, and practicing phishing with tools.
đź’» Presentation Overview
The project leveraged several materials to create a hands-on training module:
- Virtualization Software: VMWare, VirtualBox, or Parallels.
- Virtual Machines: Kali Linux and an email server.
- Phishing Simulation Software: SEToolkit in Kali Linux was used for the simulation.
- Training Materials: Educational modules, user guides, and policies were developed for employees.
The project followed a structured schedule, from initial project kickoff and research to scenario development, VM setup, and final testing. The simulation involved sending a malicious email from a spoofed address with a suspicious attachment to a target.
📸 Screenshots
The final presentation included several screenshots to illustrate the project’s process and results, including:
- A screenshot of the phishing email with a suspicious attachment and an incorrect email address.
- A screenshot of the final training module that was designed.
- A screenshot of the Kali Linux terminal used for the phishing simulation.