Update README.md

Fixing typos that I should have fixed a long time ago.
Wh014M · Sep 1, 2022 · f236765 · f236765
1 parent c72a6b2
commit f236765
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -1,13 +1,13 @@
 # GoPhish Templates
 
-This repository includes several GoPhish templates that I have utilized throughout various engagements and retired from use. 
+This repository includes several GoPhish templates that I have utilized for various engagements and now retired.
 
-When learning how to setup and use GoPhish I found that there was a lack of publicly available phishing templates and landing pages. This repository is my go to give back to the InfoSec community and provide examples of templates that I've used throughout generic phishing engagements. 
+When learning how to setup and use GoPhish I found that there was a lack of publicly available templates and landing pages. This repository is my attempt to give back to the InfoSec community by providing examples that I've used for generic phishing engagements. 
 
 ## Clicking = Fail & Other Thoughts
-When launching a campaign with GoPhish my goal is to always try and obtain credentials from the user. While attacks can be executed from a user clicking an email (looking at you BeEF), 9/10 when I'm on a penetration test, credentials are what I am hoping for. These campaigns are best paired with a good landing page or malicious document. 
+When launching a campaign with GoPhish my goal is to always try and obtain credentials from the user. While attacks can be executed from a user clicking aa link (looking at you BeEF), 9/10 when I'm on a penetration test, credentials are what I am hoping for since dropping malware often isn't in scope. These campaigns are best paired with a good landing page or malicious download. 
 
-I highly recommend you tailor these pretexts and landing pages to your client. That means you should definitely clone a login portal from their website or create a convincing landing page to be used throughout more generic campaigns (e.g., 3rd party login). Remember, we potentially only need to land one successful phish to go masterhacker mode.
+I highly recommend you tailor these pretexts and landing pages to your client. That means you should clone a login portal from their external environment or create a convincing template relative to ongoing events to be used throughout more sophisticated campaigns. Remember, we potentially only need to win once to go masterhacker mode.
 
 However, I do want to state that users who click an email still provide me with some interesting information:
 1. The email address is valid.