Working on developing a dedicated phishing training lab with MFA support for the upcoming Evilginx Mastery course. Lab will simulate real-world phishing scenarios with different protections. Each lesson will teach how to develop a working phishlet hands-on for a given scenario.

JUST STOP! venturebeat.com/security/googl…

Override global redirect URL for each phishlet separately in the upcoming Evilginx 3.2 update 🔥 More features to come as well! Huge thanks to 0x_aalex for pitching this idea in his PR on GitHub.

🎁 Who is excited for Evilginx 3.2 release NEXT WEEK? 🔥 One of the new features is the ability to pause your lures for fixed time duration. Useful if you want to prevent your lure URLs from being scanned right after you send them out or if you want to lay low for a day or two.

Finally my talk from /ˈziːf-kɒn/ is online! 🔥 I try my best to explain what websites could do to protect the users against reverse proxy phishing attacks like Evilginx.🪝🐟 There is also a bonus live demo at the end with some Evilginx Pro secret sauce! 💡 youtube.com/watch?v=C-Fh4s…

🚨BREAKING: Evilginx 3.2 is OUT! 🪝🐟 To celebrate the release of the new update, here is the special 10% discount code for the Evilginx Mastery course! 🎁Code: EVILGINX32 (valid until 31st Aug) 🔗Link: academy.breakdev.org/evilginx-maste… breakdev.org/evilginx-3-2/

Patch to add custom DNS records in running instance of Evilginx made by Oliver Jensen 🔥 This is getting added for good in upcoming updates.

🎬Phishing LinkedIn and bypassing MFA demo created for the upcoming Evilginx Pro post 🔥 💡Evilginx uses a background browser to capture the secret token from legitimate website and inject it back into the reverse proxy phishing session. P.S. Enjoy that Cyberpunk tune I made 🎵

🚨 The big reveal of Evilginx Pro is finally OUT! 🚨 📔From this blog post you will learn what makes the Pro version different from the community one. 🎟️I explain how Evilpuppet secret token extraction works and showcase the core features. Enjoy! 🪝🐟 breakdev.org/evilginx-pro-r…

Session hijacking a Microsoft 365 account! Stealing their credentials and bypassing MFA prompt with Evilginx: a reverse-proxy phishing framework! We stage a phishing domain and email pretense, and gain full access to the victim account! youtu.be/sZ22YulJwao

The purpose of SMS/Push/# matching MFA was to put you past most victims and thus most toolsets. There was a point you were basically immune with legacy protocols turned off in Exchange. Now that stronger methods are normalized, attackers are targeting their weaknesses. Not done.

The Evilginx Mastery course is way too much fun 👀

🚨 Evilginx Mastery Black Friday SALE is coming... tomorrow! 🔥 It will be the BIGGEST sale so far! 🤩 ⏰ Sale will last only 24 hours.

🚨 BLACK FRIDAY Evilginx Mastery -40% SALE 🚨 👑 40% discount (biggest yet!) ⏰ Only 24 hours Code: BLACKFRIDAY40SALE Link: academy.breakdev.org/evilginx-maste… Hurry! It's active only until tomorrow!

Merry Christmas everyone! ❄️☃️🎄 Wish you all the best and thank you for a great year! ✨️

Black hat Asia training is completed. Two days of sharing with our students how APTs compromise AD and Entra ID. And I couldn't help but give a quick shout-out to Evilginx Next stop is /ˈziːf-kɒn/ & I'm looking forward to it!

Black Friday is on 29th November this year. Just sayin'... 🤫

🚨 The Black Friday sale is coming! The sale drops at midnight today! (UTC+1) It will be the biggest sale yet! 🤩

The official MFA phishing anthem! 🍪💗🎵