The task is simple: Perform phishing attacks on the TU Wien personnel, in particular, the leadership from the Rectorate (from which the request comes) downwards. This task can be performed by individual students as well as groups of up to three students + multiple groups/students can apply. In detail, you have to plan a phishing campaign, collect the intelligence (e.g. from TISS – yet no hacking), provide the necessary resources (e.g. domains, mail headers/signatures, etc.), define your targets, perform the attack, report the results & compile a Howto + status document from your findings. It is important to note that you have to stop at the point where credentials/rights would be exploited and report to the supervisor immediately. Participating students will be empowered by the supervisor and – for specific targets and a defined time frame – be provided with a written permission to attack (legally relevant). Furthermore, participating students have to sign a non-disclosure agreement. Requires good knowledge in security technology.
