ExpiredDomains.Net to get a C2 domain
Use DomainCheck on the domain when registered:https://posts.specterops.io/being-a-good-domain-shepherd-57754edd955f
Lead with a completely benign mass e-mail (fake newsletter) if possible and see if you can get OOO responses confirming mailbox exists. Then spearphish.
https://www.mail-tester.com/ to see if your fake newsletter will be rejected as spam
When we weaponize social engineering, our targets are the humans who have the ability to give us access to the systems and data we want to compromise. In this post, we’ll explore ways to find target users for our phishing campaigns. We’ll then talk about what makes a “good” target vs. a “bad” target.