Running a phishing campaign against your organisation is a good way to educate users against the perils of the inbox. Some of the common problems with education-based phishing runs of any reasonable size include:
- The pain of spinning up infrastructure for the campaign
- Tracking user participation and response
- The reconfiguration efforts required each time a new set of individuals is targeted
KingPhisher takes care of a lot of those problems. Here's my quick and dirty setup that utilises a $10 Digital Ocean service to run the campaign.