Compartmentalized Infrastructure - scottgoetz/ansible GitHub Wiki
Importance of Compartmentalized Infrastructure
The image above depicts running multiple phishing campaigns, each campaign having its own separate infrastructure, with the exception of the "Core services" (Gophish, CobaltStrike, etc.) being run from a single server.
The idea behind this model is that any piece of infrastructure a Target directly interacts with (web redirectors and mail servers) is considered burnable. The primary benefit is that if you run multiple campaigns against different Targets and the infrastructure for each campaign is compartmentalized, then "Campaign B" remains safe if "Campaign A" gets burned.
Additionally, the Core server is safe from being burned because it never directly interacts with a Target. This is beneficial because you don't have to rebuild the Core server every time a campaign gets burned, you don't have to worry about how to preserve all of the data from burned campaigns, and you don't have to manage multiple campaigns from multiple servers.
Example
As an example, the two screenshots below depict output from mail-tester.com, where the Mail Server was burned by Spamhaus. The last computer to touch the email before it is sent by the final mail server is recorded in the mail headers, so reusing the burned Mail Server in any way could cause problems:
- If I were to use this same mail server for a different campaign, that campaign would be burned as well.
- If I were to host the Web Server on the Mail Server, the Web Server would probably also be burned.
The setup for this example was: Gophish Server > Mail Server (redirector) > O365 > mail-tester.com
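The point of the example above is that the relay chain survives in the message's `Received:` headers, which is exactly what a reputation service or a mail security team reads when it decides which host to list. The following script is an added illustration, not code from this wiki or from the ansible repository: it walks the `Received:` headers of a message bottom-up to rebuild the hop chain and reports any hop whose sending IP appears on a blocklist. The message, host names, IPs (RFC 5737 documentation ranges) and the one-entry blocklist are all constructed here to mirror the Gophish > redirector > relay > recipient setup described on this page.

```python
import email
import re
from dataclasses import dataclass
from typing import List, Optional, Set

# Constructed sample message: headers are prepended by each relay, so the
# top-most Received: line is the final hop and the bottom-most is the first.
# The chain mirrors the page's setup: Gophish -> redirector -> relay -> recipient MX.
SAMPLE_RAW = """\
Received: from mail-relay.example.net (mail-relay.example.net [198.51.100.7])
 by mx.mail-tester.example (Postfix) with ESMTPS id ABC123
 for <test@mail-tester.example>; Mon, 01 Jan 2024 10:00:02 +0000
Received: from redirector.campaign-a.example (redirector.campaign-a.example [203.0.113.45])
 by mail-relay.example.net with ESMTPS id DEF456;
 Mon, 01 Jan 2024 10:00:01 +0000
Received: from gophish.core.example ([10.0.0.5])
 by redirector.campaign-a.example with ESMTP id GHI789;
 Mon, 01 Jan 2024 10:00:00 +0000
From: sender@campaign-a.example
To: test@mail-tester.example
Subject: constructed test message

body
"""

# Constructed blocklist standing in for a reputation feed; the redirector's IP is listed.
CONSTRUCTED_BLOCKLIST: Set[str] = {"203.0.113.45"}


@dataclass
class Hop:
    from_host: str           # host named in the "from" clause (as the relay saw it)
    from_ip: Optional[str]   # IPv4 address the relay recorded for that host, if any
    by_host: str             # relay that wrote this Received: header


# "from <host> (<helo/ip info>) by <host> ..." is the shape every MTA writes.
RECEIVED_RE = re.compile(
    r"^from\s+(?P<from_host>\S+)\s*(?:\((?P<info>[^)]*)\))?\s+by\s+(?P<by_host>\S+)",
    re.IGNORECASE,
)
IPV4_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(value: str) -> Optional[Hop]:
    """Parse one Received: header value into a Hop; None if it is not in from/by form."""
    text = " ".join(value.split())  # unfold continuation lines and squeeze whitespace
    match = RECEIVED_RE.match(text)
    if not match:
        return None
    ip_match = IPV4_RE.search(match.group("info") or "")
    return Hop(
        from_host=match.group("from_host"),
        from_ip=ip_match.group(1) if ip_match else None,
        by_host=match.group("by_host").rstrip(";"),
    )


def relay_chain(raw_message: str) -> List[Hop]:
    """Return the hops in delivery order (first relay first)."""
    msg = email.message_from_string(raw_message)
    hops = [h for h in (parse_received(v) for v in msg.get_all("Received", [])) if h]
    hops.reverse()  # headers are prepended, so reverse to get chronological order
    return hops


def flagged_hops(hops: List[Hop], blocklist: Set[str]) -> List[Hop]:
    """Hops whose sending IP is on the blocklist; any one of these taints the message."""
    return [h for h in hops if h.from_ip in blocklist]


if __name__ == "__main__":
    chain = relay_chain(SAMPLE_RAW)
    for i, hop in enumerate(chain, 1):
        print(f"hop {i}: {hop.from_host} [{hop.from_ip}] -> {hop.by_host}")
    for hop in flagged_hops(chain, CONSTRUCTED_BLOCKLIST):
        print(f"blocklisted relay in chain: {hop.from_host} ({hop.from_ip})")
```

Run it and the second hop, the redirector, is the one flagged: it is the last host to touch the message before the final relay hands it to the recipient, so its IP is what gets listed, and every campaign that later sends through that same IP inherits the listing. Note that the innermost header also names the host that fed the redirector, which is why the Core server in this model only ever talks to its own redirectors and never to a Target's mail server directly.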