Coming soon | Beginner

Trusted Domain, Untrusted Destination: Open-Redirect Phishing

A finance clerk at Larkfield Mutual Assurance clicks a Release My Messages link in an Undelivered Mails phishing email. The link opens with a trusted brand domain that carries an open-redirect flaw, so it sails past URL filtering. Follow the 302 redirect through an attacker cushion server and a JavaScript hop to a spoofed Microsoft 365 login page, then catch the harvested credentials being replayed against the real tenant. Walk the mail gateway, web proxy, and sign-in logs step by step.

25m
6 tasks
25 points
Free

Launches today

Jul 3, 2026

Friday, July 3, 2026 at 9:00 AM

Training Tools

Email, SIEM

What you'll investigate

6 objectives unlock when this operation goes live.

1. Brief: a familiar name at the front of the link
2. Spot the trusted domain in the phishing link
3. Follow the 302 to the cushion server
4. Find the page that stole the credentials
5. Catch the credential replay
6. Name the technique that made the link trustworthy

Be first when it launches

Create your free account now. The moment this operation goes live on Jul 3, 2026, you can jump straight in — and you'll have the rest of the catalog to train on meanwhile.
