-
Notifications
You must be signed in to change notification settings - Fork 3
/
Copy pathphishing.html
278 lines (233 loc) · 27.3 KB
/
phishing.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
<!DOCTYPE html>
<html lang="en-US">
<head>
<title>Phishing Prevention on a Budget: How to Test and Train Your Employees for Free</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- SEO Description -->
<meta name="author" content="Nicholas S. Selby">
<meta name="description" content="Maximize your cybersecurity defenses by conducting free phishing tests on your employees and empowering them to recognize and avoid phishing attempts.">
<link rel="canonical" href="https://rupumped.github.io/phishing.html">
<script type="application/ld+json">
{
"@context": "https://schema.org",
"@type": "BlogPosting",
"headline": "Phishing Prevention on a Budget: How to Test and Train Your Employees for Free",
"image": [
"https://rupumped.github.io/blog/phishing.jpg",
"https://rupumped.github.io/blog-posts/phishing-cover.jpg"
],
"datePublished": "2023-03-28T00:00:00+00:00",
"author": [{
"@type": "Person",
"name": "Nicholas S. Selby",
"url": "https://rupumped.github.io/"
}]
}
</script>
<!-- Open Graph Tags -->
<meta property="og:title" content="Phishing Prevention on a Budget: How to Test and Train Your Employees for Free">
<meta property="og:description" content="Maximize your cybersecurity defenses by conducting free phishing tests on your employees and empowering them to recognize and avoid phishing attempts.">
<meta property="og:image" content="https://rupumped.github.io/blog/phishing.jpg">
<meta property="og:image:width" content="1024">
<meta property="og:image:height" content="1024">
<meta property="og:image:alt" content="A fishhook and an at symbol (@)">
<meta property="og:url" content="https://rupumped.github.io/phishing.html">
<meta property="og:type" content="article">
<!-- Favicon -->
<link rel="icon" href="./favicon.ico" type="image/x-icon">
<!-- Fonts -->
<link rel="preconnect" href="https://fonts.googleapis.com">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link href="https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;700&family=Raleway:wght@300;400;700&display=swap" rel="stylesheet">
<!-- Custom CSS -->
<link rel="stylesheet" type="text/css" href="main.css">
<link rel="stylesheet" type="text/css" href="secondary.css">
<link rel="stylesheet" type="text/css" href="blog-posts/blog-post.css">
</head>
<body>
<header>
<div class="header-content">
<a href="index.html" id="name">NICHOLAS S SELBY</a>
<nav>
<input class="menu-btn" type="checkbox" id="menu-btn">
<label class="menu-icon" for="menu-btn" tabindex="0"><span class="navicon"></span></label>
<ul class="menu">
<li><a href="index.html">HOME</a></li>
<li><a href="about.html">ABOUT</a></li>
<li><a href="selected-work.html">PROJECTS</a></li>
<li><a href="blog.html">BLOG</a></li>
<li><a href="service.html">SERVICE</a></li>
</ul>
</nav>
</div>
</header>
<main>
<h1>Phishing Prevention on a Budget: How to Test and Train Your Employees for Free</h1>
<p class="date">Posted on March 28, 2023 • 10-minute read</p>
<figure class="cover">
<img src="blog-posts/phishing-cover.jpg" alt="Arm reaching out of an email to steal cash and credit cards">
<figcaption>Image CC0: Mohamed Hassan.</figcaption>
</figure>
<section class="toc">
<h2>Contents</h2>
<div>
<ul>
<li><a href="#Introduction">Introduction</a></li>
<li><a href="#Prepare">Prepare your Employees</a></li>
<li><a href="#SMTP">Set Up a Free SMTP Server</a></li>
<li><a href="#Malware">Create a "Malware" Website</a></li>
<li><a href="#Send">Execute the Phishing Test</a></li>
<li><a href="#Aftermath">Aftermath</a></li>
</ul>
</div>
</section>
<section id="Introduction">
<h2>Introduction</h2>
<p>Phishing attacks continue to be a significant threat to businesses of all sizes, and they are becoming increasingly sophisticated. Hackers use social engineering tactics to trick employees into divulging sensitive information, such as login credentials or financial data. This can result in data breaches, financial losses, and damage to a company's reputation.</p>
<p>To prevent these attacks, companies must take proactive steps to educate their employees and provide them with the necessary tools and training to recognize and avoid phishing attempts. One effective way to achieve this is by conducting phishing tests.</p>
<p>Phishing tests are simulated attacks that mimic real-life phishing attempts. They allow companies to assess their employees' susceptibility to phishing and identify areas where additional training is needed. While some organizations hire third-party providers to conduct these tests, it can be costly. In this article, I will show you how to run a phishing test on your employees for free, without the need for expensive third-party services, or even a dedicated internal server. I will provide you with step-by-step instructions and tips on how to make the most of this valuable tool for strengthening your company's cybersecurity defenses.</p>
</section>
<section id="Prepare">
<h2>Prepare your Employees</h2>
<p>Preparing your company's employees for a phishing test is essential to ensure that they understand the purpose of the test and are not caught off guard when they receive the simulated phishing email. Make sure that your company's employees know what actions they should take if they receive a suspected phishing email. This includes reporting it to the IT team, deleting the email, and avoiding clicking on any links or attachments. Create a mailbox for your company's employees to report suspicious emails. I created [email protected]. Then, post a company-wide announcement, for example:</p>
<blockquote>If you receive an email that looks suspicious, and you'd like help identifying if it's a phishing scam, please forward it to [email protected] and send me a message. Sometimes, these scams are really convincing, and there's no harm in asking me to test it for you.</blockquote>
<p>You may also choose to alert your company's employees that you will be performing a phishing test. When employees are aware that a phishing test is going to take place, they are more likely to take it seriously and make an effort to identify and report any suspicious emails they receive.</p>
<p>Wait long enough, perhaps a week, after sending the announcement to ensure everyone has had a chance to read and digest the request.</p>
</section>
<section id="SMTP">
<h2>Set Up a Free SMTP Server</h2>
<p>If you would like to be notified when an employee fails the phishing test, one option is to set up an SMTP server so your "malware" can send you an email when it is run on someone's computer. An SMTP (Simple Mail Transfer Protocol) server is a computer program or software that is responsible for sending and receiving emails. It is the standard protocol used for sending emails over the internet, and it is responsible for ensuring that the emails are delivered to the intended recipient's email server.</p>
<p>I recommend using <a rel="external" target="_blank" href="https://elasticemail.com/">Elastic Email</a>'s Email API, an email delivery engine with an SMTP relay you can call from JavaScript. As of this writing, a free Elastic Email account allows you up to 100 emails per day. To set up your SMTP server, <a rel="external" target="_blank" href="https://app.elasticemail.com/api/create-account">create an account</a> to use their Email API using a dummy email address specifically for this purpose. After creating an account, log in and click "Connect to SMTP API" from the Start menu on your account dashboard.</p>
<img class="img-center" alt="Screenshot of the Elastic Email account dashboard" src="blog-posts/phishing-elasticemaildash.jpg">
<p>Then, create a user with the same email you used to create the Elastic Email account. Save the password generated by Elastic Email for later. When you are done, you should see a screen like this:</p>
<img class="img-center" alt="Screenshot of the Elastic Email SMTP settings" src="blog-posts/phishing-smtp.jpg">
</section>
<section id="Malware">
<h2>Create a "Malware" Website</h2>
<p>The next step is to create the website to which your phishing email will link. In my opinion, the easiest way to do this is to use <a rel="external" target="_blank" href="https://pages.github.com/">GitHub Pages</a>. Navigate to <a rel="external" target="_blank" href="https://github.com/">GitHub</a>, sign out of your account if you are already logged in, and click the "Sign Up" button in the top right corner of the page. Follow the instructions to create an account. Note that the username you pick will be included in the URL of the phishing link you send to your company's employees, so I recommend including your company name in the username (e.g., "renewvia-official").</p>
<p>Once you have created your new GitHub account, sign in and click "<a rel="external" target="_blank" href="https://github.com/new">New</a>" to create a new repository. Name your repository "[your username].github.io," where "[your username]" is your GitHub account username (e.g., "renewvia-official.github.io"). Ensure the repository is public and click the "Create repository" button. When GitHub navigates you to the new repository page, click "creating a new file."</p>
<img class="img-center" alt="Screenshot of a new repository in GitHub" src="blog-posts/phishing-creatinganewphile.jpg">
<p>Name your new file "index.html" to ensure it will be displayed by the browser when your "malware" site is live. Modify the following HTML script for your company, and copy-paste it into the "Edit new file" input box.</p>
<pre class="overflowable">
<code><!DOCTYPE html>
<html lang="en-US">
<head>
<title>You done messed up</title>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<script src="https://smtpjs.com/v3/smtp.js"></script>
</head>
<body>
<p>This was a simulated phishing exercise conducted by <span class="purple">[your company's name]</span> to raise awareness about the dangers of phishing. If it had been a real phishing attempt, you would have unknowingly given your personal information to a criminal. The information below can help you recognize phishing messages.</p>
<p>The email was sent from the address <span class="purple">[your email address]</span>. However, it is important to note that the sender's email address can easily be forged, and therefore should not be fully trusted.</p>
<p>If you hover your mouse over the link provided in the email, you will see that it would direct you to <span class="purple">[your GitHub username]</span>.github.io, which is not a legitimate <span class="purple">[your company's name]</span> website. To identify the domain, look for the third forward slash (/) and read the words preceding it. In this case, the domain is github.io. It is also important to note that just because a link has an "https://" and a lock symbol in the browser does not necessarily mean that the website is safe to visit.</p>
<p>To protect yourself from phishing attacks, be cautious of emails and messages that exhibit any of the following six characteristics:</p>
<ul>
<li>A request to click on links</li>
<li>An unexpected attachment</li>
<li>A sense of urgency</li>
<li>An appeal to human greed and/or fear</li>
<li>A request for your sensitive data</li>
<li>Any non-Renewvia websites asking for your Renewvia account information</li>
</ul>
<p>Always verify the URL of the website before entering your login credentials. If it is not a <span class="purple">[your company's name]</span> website, do not provide your credentials. Phishers often direct users to imitation websites that appear legitimate to steal their sensitive information.</p>
<p>If you have any doubts or concerns about an email, forward it to <span class="purple">[the mailbox you set up for reporting phishing]</span>.</p>
<p>As a result of clicking on the link, you are required to complete a cybersecurity awareness training. Please complete the training at <a rel="external" target="_blank" href="https://learnsecurity.amazon.com/en/index.html">https://learnsecurity.amazon.com/en/index.html</a> and send <span class="purple">[your name]</span> your certificate of completion.</p>
<script>
var url = window.location.href.split('?');
var id = url[url.length-1];
Email.send({
Host : "smtp.elasticemail.com",
Username : "<span class="purple">[your Elastic Email SMTP username]</span>",
Password : "<span class="purple">[your Elastic Email SMTP password]</span>",
To : '<span class="purple">[your email address]</span>',
From : "<span class="purple">[your Elastic Email SMTP username]</span>",
Subject : "Someone clicked the link",
Body : id
}).then(
message => console.log(message)
);
</script>
</body>
</html></code>
</pre>
<p>After pasting the above code into the input box, you will need to replace all of the bracketed purple text:</p>
<ul>
<li><code><span class="purple">[your company's name]</span></code>, e.g., Renewvia.</li>
<li><code><span class="purple">[your email address]</span></code> should be the email address from which you will send the phishing scam and to which you want your company's employees to submit their training certificates of completion.</li>
<li><code><span class="purple">[your GitHub username]</span></code> should be the username you created for your GitHub account, e.g., renewvia-official.</li>
<li><code><span class="purple">[the mailbox you set up for reporting phishing]</span></code>, e.g., [email protected].</li>
<li><code><span class="purple">[your name]</span></code></li>
<li><code><span class="purple">[your Elastic Email SMTP username]</span></code>, e.g., [email protected].</li>
<li><code><span class="purple">[your Elastic Email SMTP password]</span></code> should be the alphanumeric password you recorded when you created the Elastic Email SMTP user.</li>
</ul>
<p>My recommended website includes an assignment for those that click the link: complete a <a rel="external" target="_blank" href="https://learnsecurity.amazon.com/en/index.html">Cybersecurity Awareness Training</a> provided by Amazon and submit their certificates of completion. NIST maintains a list of <a rel="external" target="_blank" href="https://www.nist.gov/itl/applied-cybersecurity/nice/resources/online-learning-content">free and low-cost online cybersecurity learning content</a> that is worth reading.</p>
<p>Note that this method involves keeping your Elastic Email SMTP user credentials visible in the HTML of a public webpage. GitHub will likely send you an email warning you of the risks associated with not encrypting login credentials. Because you have created the account specifically for the purpose of conducting a phishing test, the security risk here is negligible. Nonetheless, SmtpJS.com provides an <a rel="external" target="_blank" href="https://www.smtpjs.com/#useit">explainer for how to encrypt your SMTP credentials</a> in the "Security" section of their homepage.</p>
<p>When you finish editing the HTML file, scroll to the bottom of the page, name the commit whatever you want (e.g., "Create index.html"), and click "Commit new file." Automatically, GitHub will create a public website from the HTML you just committed. You can visit that website at https://[your GitHub username].github.io where "[your GitHub username]" is replaced with your GitHub username (e.g., https://renewvia-official.github.io/).</p>
<img class="img-center" alt="Screenshot of the GitHub 'Commit new file' process" src="blog-posts/phishing-commitnewfile.jpg">
<p>A crucial component of the above HTML page is the <code>script</code> element, which contains the JavaScript necessary to identify the individual who clicked the link and send you a notification email when they do. It works by reading the URL and looking for a question mark, "?", after which it expects the name of the person who clicked the link. So, using renewvia-official.github.io as an example subdomain, if someone visits https://renewvia-official.github.io/?nick, then their browser will automatically send an email containing the name "nick" to whichever email address was entered in the "To:" field of the above HTML page's script element.</p>
</section>
<section id="Send">
<h2>Execute the Phishing Test</h2>
<p>You are ready to begin sending phishing emails to your company's employees. Draft a phishing email or use mine:</p>
<blockquote>
Subject: URGENT Review Analysis<br><br>Body: Per our discussion, please review this analysis and send me your thoughts by EOD.
</blockquote>
<p>In the composition window of your email manager, highlight "this analysis" and create a hyperlink to the GitHub page you just created, being sure to include the question mark, "?", followed by some identifier for the recipient of the email. Extending the above example, you would send the email to me, and "this analysis" would link to https://renewvia-official.github.io/?nick. Repeat the process for each employee, adjusting the hyperlink URL each time so that you can identify which employees fail the test by clicking the link. Note that, as you test your phishing scam, you can use the browser's console to examine the status of the request sent to the SMTP server. The notification emails may wind up in your Spam/Junk folder.</p>
</section>
<section id="Aftermath">
<h2>Aftermath</h2>
<p>Even if you prepared them well, your company's employees may have mixed responses to the phishing test. Heartily congratulate those who forward the email to the phishing report mailbox you set up, publicly rewarding them for their diligence. Gently encourage those who fail and click the link: "It's okay. That's why we do tests. After the training, you will understand better how to keep yourself and the company safe."</p>
<p>You may also want to create an internal report about how your company performed as a whole, including a plan to improve awareness and perform periodic testing.</p>
<p>Conducting phishing tests on your company's employees is a critical step in protecting your company's sensitive information and maintaining its cybersecurity defenses. While hiring third-party providers to conduct these tests can be expensive, you can run them for free using these steps. By preparing your company's employees, you can help to create a culture of awareness and vigilance around cybersecurity within your organization. By taking these proactive steps, you can minimize the risk of successful phishing attacks and ensure that your company's sensitive information remains secure. Remember, prevention is always better than cure, and the best defense against phishing attacks is an informed and alert workforce.</p>
<p><b>UPDATE:</b> When I ran this test the first time at my company, a majority of my colleagues failed the test. After making them all take the training module, I tested them again one year later, this time by replacing the suspicious link with a file attachment that my email requested them open and inspect urgently. <b>Not a single person opened the attachment.</b> Instead, almost everyone emailed me to check the email's authenticity, and a few made comments like "I do remember my training 😄" and "You gotta up your game with me, I'm way harder to trick than that!"</p>
</section>
</main>
<footer>
<div id="top-footer">
<div id="footer-socials">
<a aria-label="My LinkedIn profile" rel="external" href="https://www.linkedin.com/in/nicholas-selby-5278b334/" target="_blank">
<svg viewBox="0 0 448 512" xmlns="http://www.w3.org/2000/svg" aria-labelledby="LinkedIn-title LinkedIn-desc">
<title id="LinkedIn-title">LinkedIn</title>
<desc id="LinkedIn-desc">LinkedIn icon</desc>
<path d="m416 32h-384.1c-17.6 0-31.9 14.5-31.9 32.3v383.4c0 17.8 14.3 32.3 31.9 32.3h384.1c17.6 0 32-14.5 32-32.3v-383.4c0-17.8-14.4-32.3-32-32.3zm-280.6 384h-66.4v-213.8h66.5v213.8zm-33.2-243c-21.3 0-38.5-17.3-38.5-38.5s17.2-38.5 38.5-38.5c21.2 0 38.5 17.3 38.5 38.5 0 21.3-17.2 38.5-38.5 38.5zm282.1 243h-66.4v-104c0-24.8-.5-56.7-34.5-56.7-34.6 0-39.9 27-39.9 54.9v105.8h-66.4v-213.8h63.7v29.2h.9c8.9-16.8 30.6-34.5 62.9-34.5 67.2 0 79.7 44.3 79.7 101.9z"/>
</svg>
</a>
<a aria-label="My Google Scholar Profile" rel="external" href="https://scholar.google.com/citations?user=SKcs1pEAAAAJ" target="_blank">
<svg viewBox="0 0 448 512" xmlns="http://www.w3.org/2000/svg" aria-labelledby="Google-Scholar-title Google-Scholar-desc">
<title id="Google-Scholar-title">Google Scholar</title>
<desc id="Google-Scholar-desc">Google Scholar icon</desc>
<path d="m48 32c-26.5 0-48 21.5-48 48v352c0 26.5 21.5 48 48 48h352c26.5 0 48-21.5 48-48v-352c0-26.5-21.5-48-48-48zm140.69531 64h178.24024l-16.47071 12.85938v22.69335c6.1159.78532 5.46875 4.46019 5.46875 8.85743v107.22265c0 4.96563-4.06205 9.0293-9.02734 9.0293h-3.32422c-4.96563 0-9.0293-4.06403-9.0293-9.0293v-107.22265c0-4.40781-.63995-8.08659 5.52149-8.86133v-14.26563l-47.42383 38.89258c.54795 1.01573 1.06775 1.6675 1.5625 2.51953 4.16684 7.37735 6.28906 16.54919 6.28906 27.75977 0 8.59325-1.43204 16.31497-4.33593 23.13086-2.89082 6.81736-6.4066 12.38451-10.50782 16.67383-4.10119 4.30429-8.21545 8.23614-12.33008 11.77734-4.11326 3.54813-7.62906 7.24664-10.50781 11.08789-2.90139 3.82814-4.34765 7.78747-4.34765 11.88867 0 4.10814 1.87594 8.28085 5.61328 12.48633 3.72386 4.2186 8.30529 8.30635 13.72265 12.34375 5.42938 4.01043 10.84634 8.46278 16.26368 13.30664 5.42904 4.83584 9.98706 11.06107 13.71093 18.62109 3.75047 7.58518 5.625 15.93732 5.625 25.11719 0 12.10928-3.08756 23.04599-9.24609 32.7793-6.17204 9.69317-14.21877 17.42887-24.10156 23.09961-9.90904 5.70939-20.50722 10.00631-31.8086 12.91015-11.32797 2.87733-22.56501 4.32227-33.78906 4.32227-7.08423 0-14.23265-.5475-21.42187-1.66602-7.21219-1.12-14.43823-3.09828-21.7168-5.88476-7.29167-2.80655-13.75106-6.25079-19.34961-10.39063-5.61205-4.09467-10.12984-9.38173-13.59375-15.82031-3.46392-6.43852-5.18359-13.67857-5.18359-21.71875 0-9.53863 2.65694-18.38532 7.98242-26.63476 5.32512-8.18928 12.3823-15.02552 21.1582-20.44141 15.31325-9.52549 39.33645-15.4113 72.03125-17.63672-7.47326-9.34283-11.22266-18.13975-11.22266-26.36914 0-4.68271 1.22186-9.69984 3.64454-15.11719-3.90652.54687-7.9286.85352-12.03125.85352-17.56273 0-32.39541-5.70952-44.43946-17.20703-12.04402-11.47856-18.05859-25.8462-18.05859-43.2168 0-1.81599.05219-3.41866.18164-5.18945h-71.378907zm31.37891 38.33398c-11.19892 0-19.79186 4.02906-25.78125 12.07032-5.9879 8.02012-8.98438 17.73465-8.98438 29.14648 0 9.71981 1.64061 19.61644 4.92188 29.70703 3.2681 10.08548 8.62123 19.08948 16.12109 27.02539 7.47324 7.95594 16.17192 11.92578 26.05469 11.92578 11.01591 0 19.62286-3.68944 25.79492-11.07226 6.14505-7.37043 9.23047-16.67343 9.23047-27.87891 0-9.54517-1.6264-19.537-4.89453-29.98633-3.25608-10.46247-8.68505-19.90262-16.26367-28.30664-7.55234-8.4321-16.30333-12.63086-26.19922-12.63086zm18.51758 172.08008c-8.03469 0-15.93905.71228-23.69922 2.13086-7.76017 1.37996-15.41675 3.70986-22.96875 6.99805-7.57861 3.26958-13.69819 8.07499-18.35938 14.42969-4.68784 6.34667-7.01953 13.82169-7.01953 22.42187 0 8.19582 2.05913 15.50628 6.17383 21.87305 4.10265 6.32768 9.51795 11.28394 16.25 14.83203 6.73201 3.55471 13.78885 6.23613 21.1582 8 7.3828 1.75184 14.89682 2.66406 22.55274 2.66406 15.14262 0 28.17578-3.41115 39.11328-10.22851 10.91054-6.8159 16.38086-17.34206 16.38086-31.54883 0-2.98812-.41689-5.93201-1.23828-8.80274-.85861-2.90389-1.70365-5.3892-2.53711-7.45312-.83345-2.02525-2.42173-4.4673-4.76563-7.2793-2.33081-2.81861-4.11569-4.90255-5.31445-6.28906-1.2239-1.43208-3.51215-3.47703-6.88672-6.17969-3.34426-2.71375-5.48032-4.40548-6.43164-5.03125h-.00195c-.93771-.65762-3.3717-2.4355-7.29102-5.32031-3.9189-2.91084-6.06651-4.45407-6.44531-4.63672-2.05736-.37077-4.94607-.58008-8.66992-.58008z"/>
</svg>
</a>
<a aria-label="My GitHub profile" rel="external" href="https://github.com/rupumped" target="_blank">
<svg viewBox="0 0 448 512" xmlns="http://www.w3.org/2000/svg" aria-labelledby="GitHub-title GitHub-desc">
<title id="GitHub-title">GitHub</title>
<desc id="GitHub-desc">GitHub icon</desc>
<path d="M400 32H48C21.5 32 0 53.5 0 80v352c0 26.5 21.5 48 48 48h352c26.5 0 48-21.5 48-48V80c0-26.5-21.5-48-48-48zM277.3 415.7c-8.4 1.5-11.5-3.7-11.5-8 0-5.4.2-33 .2-55.3 0-15.6-5.2-25.5-11.3-30.7 37-4.1 76-9.2 76-73.1 0-18.2-6.5-27.3-17.1-39 1.7-4.3 7.4-22-1.7-45-13.9-4.3-45.7 17.9-45.7 17.9-13.2-3.7-27.5-5.6-41.6-5.6-14.1 0-28.4 1.9-41.6 5.6 0 0-31.8-22.2-45.7-17.9-9.1 22.9-3.5 40.6-1.7 45-10.6 11.7-15.6 20.8-15.6 39 0 63.6 37.3 69 74.3 73.1-4.8 4.3-9.1 11.7-10.6 22.3-9.5 4.3-33.8 11.7-48.3-13.9-9.1-15.8-25.5-17.1-25.5-17.1-16.2-.2-1.1 10.2-1.1 10.2 10.8 5 18.4 24.2 18.4 24.2 9.7 29.7 56.1 19.7 56.1 19.7 0 13.9.2 36.5.2 40.6 0 4.3-3 9.5-11.5 8-66-22.1-112.2-84.9-112.2-158.3 0-91.8 70.2-161.5 162-161.5S388 165.6 388 257.4c.1 73.4-44.7 136.3-110.7 158.3zm-98.1-61.1c-1.9.4-3.7-.4-3.9-1.7-.2-1.5 1.1-2.8 3-3.2 1.9-.2 3.7.6 3.9 1.9.3 1.3-1 2.6-3 3zm-9.5-.9c0 1.3-1.5 2.4-3.5 2.4-2.2.2-3.7-.9-3.7-2.4 0-1.3 1.5-2.4 3.5-2.4 1.9-.2 3.7.9 3.7 2.4zm-13.7-1.1c-.4 1.3-2.4 1.9-4.1 1.3-1.9-.4-3.2-1.9-2.8-3.2.4-1.3 2.4-1.9 4.1-1.5 2 .6 3.3 2.1 2.8 3.4zm-12.3-5.4c-.9 1.1-2.8.9-4.3-.6-1.5-1.3-1.9-3.2-.9-4.1.9-1.1 2.8-.9 4.3.6 1.3 1.3 1.8 3.3.9 4.1zm-9.1-9.1c-.9.6-2.6 0-3.7-1.5s-1.1-3.2 0-3.9c1.1-.9 2.8-.2 3.7 1.3 1.1 1.5 1.1 3.3 0 4.1zm-6.5-9.7c-.9.9-2.4.4-3.5-.6-1.1-1.3-1.3-2.8-.4-3.5.9-.9 2.4-.4 3.5.6 1.1 1.3 1.3 2.8.4 3.5zm-6.7-7.4c-.4.9-1.7 1.1-2.8.4-1.3-.6-1.9-1.7-1.5-2.6.4-.6 1.5-.9 2.8-.4 1.3.7 1.9 1.8 1.5 2.6z"/>
</svg>
</a>
<a aria-label="My RSS feed" href="rss.xml">
<svg fill="#000000" height="800px" width="800px" version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="-143 145 512 512" xml:space="preserve" aria-labelledby="RSS-title RSS-desc">
<title id="RSS-title">RSS</title>
<desc id="RSS-desc">RSS icon</desc>
<path d="M329,145h-432c-22.1,0-40,17.9-40,40v432c0,22.1,17.9,40,40,40h432c22.1,0,40-17.9,40-40V185C369,162.9,351.1,145,329,145z M43.1,518.7c-6.2,6.2-14.7,9.9-24.1,9.9c-9.4,0-17.8-3.8-24-9.9c-6.2-6.2-10-14.6-10-23.9c0-9.4,3.8-17.8,10-24s14.6-10,24-10 c9.4,0,17.9,3.8,24,10c6.2,6.2,10,14.6,10,24C53,504.2,49.2,512.6,43.1,518.7z M104.8,529c-0.1-32.1-12.5-62.3-35.1-84.9 c-22.6-22.6-52.8-35.2-84.7-35.2V360c46.6,0,88.7,19,119.3,49.6c30.6,30.6,49.5,72.8,49.6,119.4H104.8z M192,529 c-0.1-114.2-92.8-207.1-206.9-207.1V273c70.6,0,134.5,28.7,180.8,75.1c46.3,46.4,75,110.3,75.1,180.9H192z"/>
</svg>
</a>
</div>
<div id="footer-initials">
NSS
</div>
<div id="footer-nav">
<a href="mailto:[email protected]">CONTACT</a>
<a href="index.html">HOME</a>
<a href="sitemap.xml">SITEMAP</a>
</div>
</div>
<p id="copyright">
© 2018–2024 This work by <a href="https://rupumped.github.io" property="cc:attributionName" rel="cc:attributionURL">Nicholas S. Selby</a> is licensed under a <a rel="license" target="_blank" href="http://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 International License</a>. Feel free to fork the <a rel="external" target="_blank" href="https://github.com/rupumped/rupumped.github.io">source code</a> from GitHub and create your own website using this template.
</p>
</footer>
</body>
</html>